Using the XDR Dashboard, you can communicate with the XDR SOC team about tickets without having to spend time on the phone.
You can respond to the SOC about open tickets and tickets that have been closed within the last four weeks.
Open the ticket on the View Ticket page.
You can open a ticket by doing one of the following:
Finding the ticket on the Alarms and Alerts page and clicking it
Entering the ticket number, if you know it, in the top right corner of the View Ticket page
Click Respond to Ticket in the upper left corner of the Ticket Details page.
In How should this alert be closed, select an option:
True Positive - The investigation determined that the action(s) reported in this alert did occur as outlined.
Authorized Activity - The action(s) reported in the alert did occur; however, they were approved and were conducted legitimately and intentionally.
False Positive - The actions reported in this alert did not occur, and the alert was deemed to be triggered improperly based on the investigation findings.
In Investigation Findings, enter the investigation that was done and the conclusion that was reached, if applicable.
In Further Action, select an option:
None - No further action is taken.
Additional Support - Request additional support.
Allow-list - Add the Alert or Alarm to the Allow List.
Block-list - Add the Alert or Alarm to the Block List.
In Details on further action requested, enter any other request you want to make to the SOC representative.
In Was this alert helpful?, select Yes or No.
In Feedback, enter anything else you want the SOC representative to know.
Optionally, select Send mail for this update.
Click Submit.