Threat Command Quick Start
Use the Threat Command Alerts page to manage alerts.
Before you begin, ensure that company assets are defined, as described in Configuring Assets. This is typically performed by the Threat Command administrator.
Alerts are displayed in the Alerts page.
- Log in at https://dashboard.ti.insight.rapid7.com.
- For more information, see Log in to Rapid7 Threat Command.
- The Alerts page is displayed.
- Alerts are displayed in theAlerts list. When you select an alert, the Alert header, Alert description, and the Alert options pane are displayed alongside the alert.
The default Alerts list shows open alerts, sorted by last updated. You can change the view with the various filter options. The summary numbers on top of the Alerts list reflect the alerts that match the current filter options.
In addition to a severity color and alert type, some alerts may have analyst or remediation updates, indicated by the envelope icon. The title text of alerts that have not yet been read is in bold on a white background (read alerts are not bold, on a grey background).
The Alert header and Alert description sections provide more alert details including a description and recommendations. You can also perform some alert activities from this section.
For more information about the Alerts page, see Managing Alerts.
Use the alert action buttons to perform the following tasks:
There are many more alert actions, described in the Alert actions table.
The Threat Command module provides you with the tools to manage those alerts that are most relevant to your company. The management cycle is recursive. Alerts are managed, new alerts are displayed, and the cycle starts again.