Alerts Analysis
Introduction
A series of filters is available to assist in navigating alerts efficiently and identifying critical issues quickly. These tools are designed to refine searches and allow sorting of alerts by severity level, type of incident, date, and more. Customizing the experience saves time and enables focusing efforts where they are most needed.
Filters
The filters enable sorting and refining of displayed results according to various criteria. Applying a filter changes the Visualizer and the Alerts table. These are accessible from the top of the page.
Available filters
The following filters can be applied to customize the display of alerts according to user needs:
- Source IP: Look up a specific IP address to see alerts or set a range of IPs to filter the necessary alerts.
- Source AS: Check one or more Autonomous Systems.
- Source Country
- Behaviors: Find the list on the CrowdSec Hub.
- Attack Scenarios: Get the list from the CrowdSec Hub.
- Security Engine Names or Tags
- CVE: Check related CVE vulnerabilities.
- MITRE Techniques: Look at related MITRE techniques.
- Dates: Choose a time frame. The alerts depend on the organization plan—from 7 days with the community plan to one year with the Premium plan.