# Alert Details
The Alert Details view shows everything Parapet Security knows about an alert, including AI triage results, recommendations, and the original data.
## Opening Alert Details
Click any alert in the Alert List to open the detail view.
## Detail View Layout

```text
┌─────────────────────────────────────────────────────────────────┐
│ ← Back to Alerts                                    [Actions ▼] │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│ SSH Brute Force Attack Detected                                 │
│ ● Critical   Authentication   Wazuh   2 min ago                 │
│                                                                 │
├────────────────────────────┬────────────────────────────────────┤
│ AI Triage                  │ Affected Entities                  │
│ ───────────                │ ─────────────────                  │
│ Severity: Critical         │ Hosts: web-server-01               │
│ Confidence: 94%            │ Users: root                        │
│ FP Likelihood: Low (8%)    │ Source IPs: 45.227.253.98          │
│                            │                                    │
│ MITRE ATT&CK:              │ Recommendations                    │
│ • TA0006 Credential Access │ ────────────────                   │
│ • T1110.001 Brute Force    │ 1. Block source IP at firewall     │
│                            │ 2. Review auth logs                │
│                            │ 3. Enable SSH key-only auth        │
├────────────────────────────┴────────────────────────────────────┤
│ Raw Payload                                            [Expand] │
│ ─────────────                                                   │
│ {"rule":{"level":12,"description":"SSH brute force"...}         │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```
## AI Triage Section

### Severity Assessment

The AI-assigned severity level:

| Level | Meaning |
|---|---|
| Critical | Active breach or immediate threat |
| High | Serious threat requiring quick action |
| Medium | Potential threat to investigate |
| Low | Informational or minor concern |

> **AI Re-evaluation**
>
> Parapet Security may assign a different severity than your SIEM. This is intentional: the AI considers additional context.
### Confidence Score
How certain the AI is about its analysis:
| Score | Meaning | Action |
|---|---|---|
| 90-100% | Very confident | Trust the triage |
| 70-89% | Confident | Generally reliable |
| 50-69% | Moderate | Review manually |
| Below 50% | Low confidence | Manual review required |
### False Positive Likelihood

The AI's estimate of how likely it is that the alert is a false positive rather than a real threat:
| Likelihood | Meaning |
|---|---|
| Low (<20%) | Likely a real threat |
| Medium (20-50%) | Could be either |
| High (>50%) | Probably false positive |
### MITRE ATT&CK Mapping

When applicable, the AI maps alerts to the MITRE ATT&CK framework:

- Tactics (TA####) - High-level adversary goals
- Techniques and sub-techniques (T####, T####.###) - Specific methods used, such as T1110.001 in the example above
Click any mapping to view details on the MITRE website.
## Affected Entities
The AI extracts key entities from the alert:
| Entity Type | Examples |
|---|---|
| Hosts | Servers, workstations, devices |
| Users | User accounts, service accounts |
| Source IPs | External attacking IPs |
| Destination IPs | Internal targets |
| Files | File paths, hashes |
| Processes | Process names, command lines |
| Domains | URLs, domain names |
## Recommendations
The AI provides actionable next steps tailored to the alert:
> **Sample Recommendations**
>
> - Immediate: Block source IP 45.227.253.98 at firewall
> - Investigation: Check auth logs for successful logins from this IP
> - Remediation: Enable SSH key-only authentication
> - Long-term: Consider implementing fail2ban
Recommendations are prioritized by urgency:
- Immediate - Do now
- Investigation - Gather more info
- Remediation - Fix the issue
- Long-term - Prevent recurrence
## Raw Payload
The original alert from your SIEM (with secrets redacted):
- Click Expand to view full payload
- Click Copy to copy to clipboard
- Formatted as JSON with syntax highlighting
> **Secret Scrubbing**
>
> Passwords, API keys, and other secrets are automatically replaced with [REDACTED] before storage.
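The scrubbing step described above, as an added example that is not Parapet Security's own code: a recursive redactor run over a constructed Wazuh-style alert payload. The secret field names and the inline `name=value` pattern it matches are assumptions; it deliberately leaves an sshd message such as "Failed password for root" intact, because the word alone is not a credential.

```python
import json
import re

REDACTED = "[REDACTED]"

# Field names treated as secrets outright (assumed list, matched case-insensitively).
NAMES = r"password|passwd|secret|api[_-]?key|token|authorization"
SECRET_KEY = re.compile(NAMES, re.I)

# Inline "name=value" or "name: value" credentials inside free-text fields such as full_log.
# The separator is required, so "Failed password for root" in an sshd log is left alone.
INLINE_SECRET = re.compile(rf"\b({NAMES})(\s*[=:]\s*)\S+", re.I)

# Constructed Wazuh-style alert for illustration; not a real alert or real credentials.
SAMPLE_ALERT = {
    "rule": {"level": 12, "description": "SSH brute force"},
    "agent": {"name": "web-server-01"},
    "data": {"srcip": "45.227.253.98", "dstuser": "root"},
    "full_log": "Failed password for root from 45.227.253.98 port 51234 ssh2",
    "integration": {"api_key": "sk_example_0123456789", "url": "https://siem.example.internal"},
    "notes": "collector registered with token=abc123DEF456 by operator",
}


def scrub(value):
    """Return a copy of `value` with secrets replaced by [REDACTED].

    Dict entries whose key matches SECRET_KEY lose their whole value; strings are
    scanned for inline name=value credentials. Everything else (source IP, user,
    host, rule level) is preserved so triage keeps its context.
    """
    if isinstance(value, dict):
        return {k: (REDACTED if SECRET_KEY.search(str(k)) else scrub(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        return INLINE_SECRET.sub(lambda m: m.group(1) + m.group(2) + REDACTED, value)
    return value


def scrub_alert_json(raw: str) -> str:
    """Scrub a JSON-encoded SIEM alert and return the JSON that would be stored."""
    return json.dumps(scrub(json.loads(raw)), sort_keys=True)


if __name__ == "__main__":
    print(json.dumps(scrub(SAMPLE_ALERT), indent=2))
```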
## Actions Menu
The actions menu provides:
| Action | Description |
|---|---|
| Mark Reviewed | Mark alert as reviewed |
| Dismiss | Mark as false positive |
| Copy ID | Copy alert ID to clipboard |
| Export JSON | Download alert as JSON file |
| Open in SIEM | Link to original alert (if available) |
## Timeline

For alerts with multiple related events, a timeline shows:

```text
Timeline
────────
15:30:00 First failed login attempt
15:30:15 Second failed login attempt
15:30:30 Third failed login attempt
...
15:35:00 Alert generated by SIEM
15:35:02 Received by Parapet Security
15:35:12 AI triage complete
```
## Related Alerts
The AI identifies potentially related alerts:
- Same source IP
- Same target host
- Same attack pattern
- Same time window
Click any related alert to view its details.
## Feedback
Help improve the AI by providing feedback:
- Correct - AI got it right
- Incorrect Severity - Severity was wrong
- False Positive - This wasn't a real threat
- Missing Info - Important details were missed
Your feedback trains the AI to be more accurate.
## Next Steps
- Master Filters - Find specific alerts quickly
- Configure Notifications - Get alerted to critical issues
- Troubleshoot Issues - If something isn't working