2 docs tagged with "incidents"

Alerts are events flagged by detections as requiring attention. They serve as critical indicators of potential security incidents, operational anomalies, or other noteworthy events.

Cases are containers for investigations that bring together related alerts, query results and evidence, AI Assistant conversations, team collaboration, and investigation reports in a structured environment for organizing and resolving complex incidents.