Track the status of an alert

Keeping track of which alerts have not yet been investigated is essential. This is especially important if you have a large team of administrators, security analysts, or security engineers, or round-the-clock shifts, where one engineer might hand off to another at the end of their shift.

Alerts can be marked:

  • Open - the alert has not yet been investigated.

  • Acknowledged - the alert has been seen, and investigation may be in progress.

  • Expected - the alert has been investigated and found to be expected or benign behavior.

  • True positive - the alert has been investigated and found to be an issue that required remediation.

Who can do this?
Role: Organization admin, Guard Detect admin
Plan: Atlassian Guard Premium

Change the status of an alert

The status field provides a way to see the status of the alert at a glance.

To change the status of an alert:

  1. In Guard Detect, select Alerts from the header.

  2. Navigate to the alert, and select a status from the Status dropdown.

The status is for your organization’s information only, and doesn’t affect the alerts that you are shown in future.

Create an issue to track the alert

If your team uses Jira, you can create an issue directly from the alert. This is useful if you need to allocate the investigation or remediation actions to another person or team, including people who don’t have access to view alerts.

To create an issue from an alert:

  1. In Guard Detect, select Alerts from the header.

  2. Select the alert you want to view.

  3. Select Create Issue and follow the prompts to provide the required Jira project details.

We’ll populate the issue Summary and Description with details from the alert.
