Acknowledge detections

acknowledgments provide a visual way to identify that a detection has been seen. You can acknowledge a detection to let team members know that you are investigating a ticket or that the issue has been triaged and should be prioritized for follow-up. You can also filter your view of detections to show only unacknowledged detections.

Before you begin

Users must have limited-write or higher privileges to acknowledge a detection or clear an acknowledgment.
Here are important considerations about acknowledging detections:
  • An acknowledgment does not hide the detection.
  • After a detection is acknowledged, a timestamp and the username of the person who acknowledged the detection is displayed.
  • An acknowledgment can be cleared by any user, even if they are not the user that originally acknowledged the detection.

To acknowledge a detection, complete the following steps:

  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. At the top of the page, click Detections.
  3. Click Acknowledge from the lower-left corner of the detection card.
    The detection displays the username and timestamp. Click Reset to clear an acknowledgment.
Published 2021-07-21 15:27