During the investigation phase, it can be helpful to be "alerted" in real time, via e-mail or a notification on RCS Console, to special events that concern the target.
Alerts can be received when:
For example, if awaiting evidence from a target for a long time, an alert rule can be created to send an e-mail and record a log for each piece of evidence received. This way, users are immediately notified when the target resumes activities. The rule can be disabled later and evidence can simply be viewed as it arrives.
Or, if intelligence is used, it could be helpful to be "alerted" when a link is created with a certain entity or a new entity is created in the operation.
Alert rules set which events generate alerts. They can also be used to automatically assign levels of relevance to evidence or intelligence links which can be used in the analysis phase.
Rules that alert on the arrival of evidence can be created on the following levels:
Rules that alert on the automatic creation of an intelligence entity can be created on the following levels:
Rules that alert on the automatic creation of an intelligence link can be created on the following levels:
NOTE: each user will be alerted according to their set rules.
The alert process is described below:
NOTE: sending an e-mail is optional.
Phase | Description
---|---
1 | The Analyst creates rules to be alerted of the arrival of certain evidence, agent synchronizations or the automatic creation of intelligence entities or links. Rules log the alerts, notify them on the RCS Console and send them via e-mail (optional).
2 | The system taps the incoming evidence or analyzes the element it is creating and compares it with the alert rules.
3 | The Analyst receives an alert e-mail (if set by the alert rule) and checks the alert log. From an alert, directly open the evidence that generated it or the created entity or the link view.
4 | After checking, the Analyst deletes the alert logs.