- Head over to Alerts > Workflows.
- Open the Queues tab:
I can't see the Queues tab!
If you cannot see the queues tab, you do not have the necessary permissions.
Here you will see a list of all the alert queues that currently exist.
- Press the + Create A New Queue button. A prompt will appear:
- Fill in the required information:
The only non-optional item is the name.
This is optional. Please use a description that your agents will understand.
Here you can choose the rule in which the alerts created by said rule will filter into your new alert queue. This is optional but must be filled in later if omitted during queue creation (fill it in during rule creation).
Route alerts to a queue using the rule's logic (or by manually assigning it after the alert is generated).
ONLY 1 RULE CAN BE ASSOCIATED WITH A QUEUE.
If rule is already associated with another queue, it will get disassociated from that queue immediately.
Here you can choose which team or teams can read alerts in this new queue.
Only agents who are assigned to a queue can investigate its alerts.
There are three ways to designate the order in which alerts are investigated:
|If you select...||then agents will|
|Oldest Creation Date||investigate in the order the alerts were created|
|Highest Transaction Value||investigate starting with the alert whose events have the highest transaction sum|
|Highest Risk Score||investigate starting with the entity that has the highest risk score|
- Click Create Queue.
Your new alert queue has been created.
- To fully work with alert queues, you need at least the following permissions:
create/edit alert queues
Updated 3 months ago