How to investigate an Alert

800

After an alert gets triggered and falls into an agent's queue, it is time to investigate and resolve it.

  1. The first steps of the alert investigation follow the same procedure. Head over to your Alerts page.
  2. Select the alert you want to investigate:
1200
  1. Select Go to Alert Page ->:
1200
  1. From the Alert pane, investigate the alert.
1200

Possible steps in the investigation process include:
Review flagged entities -- this is the time to decide if the flagged entities are fraudulent or not. You can also whitelist entities from the rule if needed.

1200

Review associate alerts -- these are alerts that were either triggered by the same rule at another time or other rules that triggered the flagged entities. They may be of relevance to your investigation, especially if an entity has been flagged numerous times.

1200

Review flagged transactions -- these are the transactions that specifically triggered the mode (rule) logic.

1200

Follow the investigation checklist -- this is a customizable list of steps that agents must follow before alerts can be resolved/escalated.

1200

Review the network analysis -- presents potential PII overlaps and issues with the flagged entities in the alert.

1200

Add documents -- you can add relevant documents such as IDs, contracts, and more in this tab.

1200

Fill out narratives -- are required texts that are typically templates that organizations fill out for all alerts.

1200

Add notes -- are small messages that can be passed between agents or information added during the alert review process.

1200

Review the audit trail -- this is a list of all agent actions recorded for audit purposes.

1200