View exceptions related to an alert -

Security Center automatically analyzes the exceptions related to an alert. You can click an alert name on the alert list to view and manage all the exceptions related to this alert, and view the results of automatic attack tracing.

Prerequisites

Only the Enterprise and Ultimate editions of Security Center support the feature of automatic alert correlation analysis. If you use the Basic, Anti-virus, or Advanced edition of Security Center, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature.
Automatic alert correlation analysis is enabled. For more information, see Enable automatic alert correlation analysis.

Background information

Security Center automatically associates alerts with exceptions in real time to detect potential threats.
Exceptions related to an alert are listed in chronological order. This allows you to analyze and handle the exceptions to improve the emergency response mechanism of your system.
An automatically correlated alert is identified by the icon.

Procedure

Log on to the Security center console.
In the left-side navigation pane, click Detection > Alerts.
On the Alerts page, click the name of the required alert in the Event column. The panel that shows alert details appears.
In the panel, view the details and related exceptions of the alert and handle the exceptions.
- View alert details
  You can view the following details of the alert: Affected Assets, First Occurrence, Latest Occurrence, Alert Reason, and Related Exceptions.
- View affected assets
  Click the name of an affected asset to view the details of the asset. The details include alerts, vulnerabilities, baseline risks, and asset fingerprints.
- View alert causes
  To view the causes and handling suggestions of the alert, click Go Now to go to the Vulnerabilities or Baseline Check page. On the Vulnerabilities page, you can view and handle the vulnerabilities. On the Baseline Check page, you can view and manage baseline risks.
- View and handle related exceptions
  In the Related Exceptions section, you can view the details and recommended suggestions of all exceptions related to this alert. To handle the exceptions, you can perform the following operations:
  - Click Process on the right of an exception. In the dialog box that appears, select a processing method to handle the exception.
    For more information about how to select a processing method, see View and handle alert events.
  - Click Note on the right of an exception to add a note for the exception.
    Click the icon on the right of a note to delete the note.
- View alert tracing results on the Diagnosis tab
  Click the Diagnosis tab to view the tracing results of the alert. For more information about alert tracing, see Use the attack source tracing feature.