How to investigate an Alert
After an alert gets triggered and falls into an agent's queue, it is time to investigate and resolve it.
- The first steps of the alert investigation follow the same procedure. Head over to your Alerts page.
- Select the alert you want to investigate:
- Select Go to Alert Page ->:
- From the Alert pane, investigate the alert.
Possible steps in the investigation process include:
Review flagged entities -- this is the time to decide if the flagged entities are fraudulent or not. You can also whitelist entities from the rule if needed.
Review associate alerts -- these are alerts that were either triggered by the same rule at another time or other rules that triggered the flagged entities. They may be of relevance to your investigation, especially if an entity has been flagged numerous times.
Review flagged transactions -- these are the transactions that specifically triggered the mode (rule) logic.
Follow the investigation checklist -- this is a customizable list of steps that agents must follow before alerts can be resolved/escalated.
Review the network analysis -- presents potential PII overlaps and issues with the flagged entities in the alert.
Add documents -- you can add relevant documents such as IDs, contracts, and more in this tab.
Fill out narratives -- are required texts that are typically templates that organizations fill out for all alerts.
Add notes -- are small messages that can be passed between agents or information added during the alert review process.
Review the audit trail -- this is a list of all agent actions recorded for audit purposes.
Updated 10 months ago