Cyware Situational Awareness Platform

Add Additional Information to the Alert

Analysts can add additional information such as references, recommendations, CVE IDs, threat actor details, severity, and any information that adds significance to the alert. The fields shown in this section are based on the category selected for the alert when you add the required details. Administrators can map additional fields to categories from Settings. See Create Custom Alert Categories.

Steps

To add additional information to the alert, do the following:

  1. In the alert creation form, click Additional.

  2. Add additional information to the alert. Use the following information while adding additional details:

    • Additional Info: Enter additional information related to the alert. Because the alert summary is limited to 150 characters, use Additional Info to add more information to the alert. You can defang and parse any reference URLs included in your additional information, and list them in their respective Reference fields.

      If you add IOCs as additional information, click Defang to insert text into the IOCs so that they are not potentially malicious or harmful if members unintentionally click them in the shared alert. For example, the IP address 192.158.1.38 becomes 192[.]158[.]1[.]38 after it is defanged. If you do not want to defang the IOCs, click Fang. By default, IOCs are fanged.

    • Linked Alerts: Add published alerts to the alert as additional information. Type your query and select the applicable alerts. Linked alerts appear as metadata, classified by the alert ID. Members can access linked alerts from the alert content.

    • References: Enter any reference links that can provide more information about the alert. You can add multiple reference links to an alert. Use Visible to Members to show references to or hide them from alert recipients.

  3. After adding the additional information, click Next. The next step is to add indicators to the alert. For more information, see Add Indicators to the Alert.
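
The defang, fang, and reference-parsing behavior described for Additional Info can be reproduced outside the platform, for example to pre-process text before pasting it into an alert. The following is an added example, not Cyware code: the function names and sample text are hypothetical, and the `hxxp` scheme rewrite is a common defanging convention that this page does not state the product uses (the page shows only the `[.]` form).

```python
import re

URL = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TRAILING = ".,;:!?)"  # sentence punctuation that is not part of a URL

def _split_url(raw):
    """Separate a matched URL from sentence punctuation that follows it."""
    core = raw.rstrip(TRAILING)
    return core, raw[len(core):]

def extract_references(text):
    """Return the unique URLs in text, in order, for the References fields."""
    seen = []
    for m in URL.finditer(text):
        core, _ = _split_url(m.group(0))
        if core not in seen:
            seen.append(core)
    return seen

def _defang_url(m):
    core, tail = _split_url(m.group(0))
    scheme, rest = core.split("://", 1)
    host, slash, path = rest.partition("/")
    # Assumed convention: http -> hxxp, and dots in the host become [.]
    return "hxxp" + scheme[4:] + "://" + host.replace(".", "[.]") + slash + path + tail

def defang(text):
    """Make URLs and IPv4 addresses non-clickable; calling it twice is harmless."""
    text = URL.sub(_defang_url, text)
    return IPV4.sub(lambda m: m.group(0).replace(".", "[.]"), text)

def refang(text):
    """Reverse defang() so an analyst can recover the original indicator."""
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".")

# Constructed sample "Additional Info" text (not from a real alert).
SAMPLE = ("Beaconing from 192.158.1.38 to http://updates.example.com/a.php. "
          "Details: https://intel.example.org/report?id=7")

if __name__ == "__main__":
    print(extract_references(SAMPLE))
    print(defang(SAMPLE))
```

URLs are extracted before defanging because the URL pattern no longer matches once the scheme and host have been rewritten.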