Can someone help me with the following questions? How long are alerts in the IDR available after they are closed? And in order to be available, where can I consult them? Are they kept somewhere?
@paulo_silva alerts should always be available for you even after they are closed. You can find them by going into your Investigations tab within IDR and adjusting the filter on the left side of the screen. Work from top to bottom. Start off with expanding your date range, then ensure you select the “closed” check box. From there you can either manipulate the alerts by attack chain or alert type to further drill down, but all the closed investigations will be slightly greyed out.
Thank you very much @stephen_davis. My question is more about how many months or years the alerts are available?
My pleasure! I’m finding out the answer to that specific question as I’m typing this!
Edit: Just spoke with the engineers and their answer is…FOREVER!!
Good. :) Thank you.