Threat Center
In Threat Center, you can manage alerts and collections of alerts, called cases, to swiftly identify threatening actions and respond promptly to mitigate each issue.
- Using Cases: A case is an aggregated set of alerts that together represent a meaningful security finding.
- Viewing Alerts: Select Threat Center > Alerts.
- Viewing Alert Details: Click the Alert Name to view its details panel.
- Resolving Alerts: Each new alert is unresolved by default.
Notifications and Integration
The Platform does not currently send email notifications for Threat Center alerts directly. To receive real-time notifications when alerts are generated, configure a webhook to forward alert events to your SIEM, SOAR, or notification endpoint. You can filter webhook triggers by service and severity level. To receive periodic summary reports of ITP findings by email, see Recurring Reports.
Throughout this chapter on ITP/PCCE, the terms users, accounts, and identities generally refer to cloud service users/accounts or cloud identities, and not to Platform users.