Similar Alerts
Discover and analyze related alerts
Overview
The Similar Alerts tab helps identify and analyze alerts that may be related to the current alert. It applies the content-based, temporal and contextual correlation methods listed below to surface potential connections and patterns across your alert data.
Correlation Methods
Content-based Similarity
- Title matching
- Description analysis
- Observable overlap
- TTP correlation
Temporal Analysis
- Time-based clustering
- Frequency patterns
- Sequence detection
- Campaign timeline
Contextual Correlation
- Source alignment
- Target comparison
- Attack pattern matching
- Team/Organization context
Similarity Scoring
Score Components
- Observable match percentage
- TTP overlap
- Temporal proximity
- Source correlation
- Target alignment
Score Interpretation
- High confidence matches
- Potential relationships
- Weak correlations
- False positives
Alert Management
Viewing Similar Alerts
- Sort by similarity score
- Filter by time range
- Group by correlation type
- Focus on specific attributes
Bulk Operations
- Select multiple alerts
- Create case from group
- Merge alerts
- Update status
Alert Comparison
- Side-by-side view
- Difference highlighting
- Common attributes
- Unique characteristics
Pattern Analysis
Campaign Detection
- Alert clustering
- Pattern identification
- Campaign timeline
- Attack progression
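As an added example that is not part of the original page or the product's own code, the following script works through the Similarity Scoring components (observable match, TTP overlap, temporal proximity, source and target alignment), maps the result onto the four Score Interpretation bands, and then uses the pairwise scores for the Campaign Detection step of clustering alerts into candidate campaigns. The component weights, the 48-hour temporal window, the band thresholds and the four alert records are all assumptions constructed for the example; the page lists the components but gives no weighting.

```python
"""Added example: pairwise alert similarity scoring and threshold-based
clustering into candidate campaigns. Weights, thresholds, window and sample
alerts are assumptions, not values from the product or the page."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import combinations


@dataclass
class Alert:
    id: str
    title: str
    observables: set      # e.g. domains, IPs, hashes
    ttps: set             # e.g. ATT&CK technique IDs
    source: str           # detection source that raised the alert
    target: str           # asset group or team the alert concerns
    seen_at: datetime


# Assumed weights for the page's score components (sum to 1.0).
WEIGHTS = {"observable": 0.35, "ttp": 0.25, "temporal": 0.15,
           "source": 0.125, "target": 0.125}
# Assumed window outside which two alerts get no temporal credit.
TEMPORAL_WINDOW = timedelta(hours=48)


def jaccard(a, b):
    """Set overlap as |A ∩ B| / |A ∪ B|; two empty sets count as no overlap."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def temporal_proximity(t1, t2, window=TEMPORAL_WINDOW):
    """1.0 for identical timestamps, decaying linearly to 0.0 at the window edge."""
    gap = abs(t1 - t2)
    if gap >= window:
        return 0.0
    return 1.0 - gap / window


def similarity(a, b):
    """Weighted score in [0, 1] plus the per-component breakdown for review."""
    components = {
        "observable": jaccard(a.observables, b.observables),
        "ttp": jaccard(a.ttps, b.ttps),
        "temporal": temporal_proximity(a.seen_at, b.seen_at),
        "source": 1.0 if a.source == b.source else 0.0,
        "target": 1.0 if a.target == b.target else 0.0,
    }
    score = sum(WEIGHTS[k] * v for k, v in components.items())
    return score, components


def interpret(score):
    """Assumed thresholds for the page's four interpretation bands."""
    if score >= 0.7:
        return "high confidence match"
    if score >= 0.4:
        return "potential relationship"
    if score >= 0.2:
        return "weak correlation"
    return "likely false positive"


def cluster(alerts, threshold=0.4):
    """Connected components over alert pairs scoring at or above threshold.
    Each component is a candidate campaign for an analyst to validate."""
    parent = {a.id: a.id for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for a, b in combinations(alerts, 2):
        score, _ = similarity(a, b)
        if score >= threshold:
            parent[find(a.id)] = find(b.id)
    groups = {}
    for a in alerts:
        groups.setdefault(find(a.id), []).append(a.id)
    return sorted(sorted(g) for g in groups.values())


def sample_alerts():
    """Constructed sample data (documentation-reserved IPs and made-up hashes)."""
    t0 = datetime(2024, 1, 10, 9, 0)
    return [
        Alert("A1", "Phishing mail delivered", {"evil.example", "203.0.113.5", "hash-aaa"},
              {"T1566.001", "T1204.002"}, "mail-gw", "finance", t0),
        Alert("A2", "Phishing mail delivered", {"evil.example", "203.0.113.5", "hash-bbb"},
              {"T1566.001", "T1204.002"}, "mail-gw", "finance", t0 + timedelta(hours=6)),
        Alert("A3", "VPN brute force", {"198.51.100.9"},
              {"T1110"}, "vpn", "it", t0 + timedelta(days=3)),
        Alert("A4", "Suspicious PowerShell", {"203.0.113.5"},
              {"T1204.002", "T1059.001"}, "edr", "finance", t0 + timedelta(hours=20)),
    ]


if __name__ == "__main__":
    alerts = sample_alerts()
    for a, b in combinations(alerts, 2):
        score, comp = similarity(a, b)
        print(f"{a.id}-{b.id}: {score:.3f} ({interpret(score)}) {comp}")
    print("candidate campaigns:", cluster(alerts))
```

Reviewing the per-component breakdown alongside the score matters more than the number itself: in the sample data A1 and A4 reach the "potential relationship" band on a single shared IP, one shared technique and the same target, which is exactly the kind of pair the Best Practices section says to validate and document rather than merge on sight.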
Threat Actor Analysis
- Common TTPs
- Observable patterns
- Target profiles
- Attack methodologies
Visualization
Timeline View
- Chronological display
- Frequency analysis
- Pattern highlighting
- Campaign mapping
Relationship Graph
- Alert connections
- Observable links
- TTP relationships
- Pattern visualization
Best Practices
- Analysis Workflow
  - Review highest scores first
  - Validate relationships
  - Document findings
  - Update correlation rules
- Pattern Recognition
  - Look for campaigns
  - Track progression
  - Note anomalies
  - Document insights
- Alert Management
  - Group related alerts
  - Create cases appropriately
  - Update statuses
  - Document relationships