Recommend Actions to Members
In an alert, actions are tasks assigned or recommended to members. This is based on the insights shared in the alert or as a course of normal security measures. As an analyst, you can recommend actions to members while creating alerts. For example, when there is a phishing threat, analysts can create an alert recommending actions to prevent the phishing attack, such as checking for suspicious links, and other actions.
Before you Start
Add recipients to the alert. For more information, see Add Recipients to the Alert.
Steps
To create actions for the alert, follow these steps:
In the alert creation form, click Recommended Actions.
Turn on the toggle Would you like to recommend actions for this alert? to recommend one or more actions to members and use the following information:
Enter a title and description for the action.
Select the recipient groups or individual recipients to whom you want to recommend the action. You must select at least one recipient for the action. The recipient list displayed is based on your selection in the Recipients section. You can select all the alert recipients using Select All Recipient Groups. The recipients can view actions assigned to them in Actions in the Member Portal.
To review the location and organization filters you applied when selecting recipients, expand Additional Filters.
Click Add Recommended Action to add more actions to the alert. You can add a maximum of five actions while creating an alert.
After recommending actions, the next step is to add from the Threat Defender Library. To know more about this, see Attach TDL Content.