Alerts Details

This report is included from CDC 1.8 onwards. From CDC 2.1, it is included as the final tab in the Alerts Report.
This report is a large table with the following data:

• Alert Name
• Detected Time (this is the time the SIEM, or EDR, or other external system created the alert)
• Created Time (this is the time the alert arrived at CDC - normally a few seconds after Detected Time)
• Severity
• Owner
• Status
• Time to End Triage (in minutes. This is used to calculate the MTTR data used in SLA and KPI reports.)
• Irrelevant Time (Time alert was closed as 'Irrelevant')
• Incident Created Time (Time alert was attached to an incident, which may be pre-existing)
• Close Reason
• Close Comment
• Closed By
• CDC Incident ID
• Incident Status
• Incident Closing Time
• Incident Close Reason

The time filter will show alerts created during the selected period.

In v2.0 there will be extra fields added:

• Incident Created Time (this is different from the time the alert was attached to the incident, and refers to the time the incident was created.)
• Time to resolve (from Alert creation until Incident closure, in minutes)
• External ticket ID (if exists)
• External ticket create time (if exists)