What you should know about alerts

What are alerts

During the investigation phase, it can be helpful to be "alerted" in real time, via e-mail or notification on RCS Console, to special events that concern the target.

Alerts can be received when:

For example, if awaiting evidence from a target for a long time, an alert rule can be created to send an e-mail and record a log for each piece of evidence received. This way, users are immediately notified when the target resumes activities. The rule can be disabled later and evidence can simply be viewed as it arrives.

Or, if intelligence is used, it could be helpful to be "alerted" when a link is created with a certain entity or a new entity is created in the operation.

Alert rules

Alert rules set which events generate alerts. They can also be used to automatically assign levels of relevance to evidence or intelligence links, which can then be used in the analysis phase.

Alert rule application field

Rules that alert on the arrival of evidence can be created on the following levels:

Rules that alert on the automatic creation of an intelligence entity can be created on the following levels:

Rules that alert on the automatic creation of an intelligence link can be created on the following levels:

NOTE: each user will be alerted according to their set rules.

Alert process

The alert process is described below:

NOTE: sending an e-mail is optional.

Phase  Description

1  The Analyst creates rules to be alerted of the arrival of certain evidence, agent synchronizations or the automatic creation of intelligence entities or links. Rules log the alerts, notify them on the RCS Console and send them via e-mail (optional).

2  The system taps the incoming evidence or analyzes the element it is creating and compares it with the alert rules.

   If the evidence corresponds to an alert rule, then: The system saves the evidence as evidence or adds the entity or link to the operation, generating an alert that automatically applies the selected level of relevance. An e-mail notification can be sent by the system as an option.

   If the evidence does not correspond to an alert rule, then: The system saves the evidence as evidence or adds the entity or link to the operation without generating an alert.

3  The Analyst receives an alert e-mail (if set by the alert rule) and checks the alert log. From an alert, directly open the evidence that generated it or the created entity or the link view.

4  After checking, the Analyst deletes the alert logs.

RCS9.4 | User's Guide | © COPYRIGHT 2014