Threat Command Quick Start

Use the Threat Command Alerts page to manage alerts.

Before you begin, ensure that company assets are defined, as described in Configuring Assets. This is typically performed by the Threat Command administrator.

Alerts are displayed in the Alerts page.

  1. Log in at
    For more information, see Log in to Rapid7 Threat Command.

  2. From the Threat Command main menu, point to Threat Command or its icon temporary placeholder, then select Alerts.
    The Alerts page is displayed.
    Alerts are displayed in theAlerts list. When you select an alert, the Alert header, Alert description, and the Alert options pane are displayed alongside the alert.

    temporary placeholder Alerts page

The default Alerts list shows open alerts, sorted by last updated. You can change the view with the various filter options. The summary numbers on top of the Alerts list reflect the alerts that match the current filter options.

In addition to a severity color and alert type, some alerts may have analyst or remediation updates, indicated by the envelope icon. The title text of alerts that have not yet been read is in bold on a white background (read alerts are not bold, on a grey background).

The Alert header and Alert description sections provide more alert details including a description and recommendations. You can also perform some alert activities from this section.

For more information about the Alerts page, see Managing Alerts.

Use the alert action buttons to perform the following tasks:

To do thisClick hereDescription
Change severitytemporary placeholderChange the alert severity.
Closetemporary placeholderClose the alert and remove it from the Alerts list.
Assigntemporary placeholderAssign an alert to another Threat Command user in your organization.
Flagtemporary placeholderAdd a flag to an alert to make it easier to find later.
Tagtemporary placeholderAdd a tag to an alert so it can be grouped with other, similar alerts.
Ask an analysttemporary placeholderAsk a Threat Command analyst about an alert.
Remediate: Takedowntemporary placeholderInitiate a request to remove the threat.
Remediate: Reporttemporary placeholderWarn Google Web Risk or PhishTank about the potential danger of the indicator of compromise.
Add a notetemporary placeholderAdd an internal note to an alert.

There are many more alert actions, described in the Alert actions table.

The Threat Command module provides you with the tools to manage those alerts that are most relevant to your company. The management cycle is recursive. Alerts are managed, new alerts are displayed, and the cycle starts again.

Where to go from here