To create a queue, follow the steps below.
- Head over to Workflows > Queues:
- Press the + Create A New Queue button. A prompt will appear:
- Fill in the required information:
The only non-optional item is the name.
This is optional. Please use a description that your agents will understand.
Here you can choose the rule in which the alerts created by said rule will filter into your new alert queue. This is optional but must be filled in later if omitted during queue creation (fill it in during rule creation).
Route alerts to a queue using the rule's logic (or by manually assigning it after the alert is generated).
A RULE CAN BE ASSOCIATED WITH ONLY 1 QUEUE.
If rule is already associated with another queue, it will get disassociated from that queue immediately.
Here you can choose which team or teams can read alerts in this new queue.
Only agents who are assigned to a queue can investigate its alerts.
The investigation checklist that will be attached to alerts in this queue.
Alert Count Threshold:
If the alert count in this queue surpasses the lower threshold, the number turns yellow. If the alert count in this queue surpasses the upper threshold, the number turns red.
Order in which alerts are consumed from this queue when agents click the Get More Alerts button. There are three ways to designate the order in which alerts are investigated:
|If you select...
|then agents will...
|Oldest Creation Date
|investigate in the order the alerts were created
|Highest Transaction Value
|investigate starting with the alert whose events have the highest transaction sum
|Highest Risk Score
|no longer used
|Highest Alert Score
|investigate starting with the entity that has the highest alert score