Escalations Page

An escalation is a collection of data points and indicators that suggest a potential compromise of a system, a misconfiguration within the security stack, or a general security concern. Escalations are created and curated by the Fortified SOC for delivery to our clients.

You can view the escalations either from the Escalations left-side menu or by selecting the Escalations tab directly in the SIEM, IoMT, MDR, and XDR. 

The Escalations table contains the following columns:

  • Service—shows the name of the service.
  • Severity—a categorization of the risk and urgency of an alarm (High, Medium, Low).
  • Status—shows the status of the escalation. By default, escalations in the Pending Approval status are not visible to the client. After they are approved on the Fortified side, the status changes to Open, and they become visible to the client.
  • Escalation Name—shows the name of the escalation, which is taken from the event name.
  • Acknowledged—shows whether this escalation is acknowledged by the Fortified side.
  • Time Created—shows the time when the escalation was created.
  • Assigned to—the person who created and approved the escalation.
  • Acknowledged by—the person who acknowledged the escalation.
  • Remediated by—the person who remediated the escalation.
  • Actions—contains the list of actions that you can perform on the escalation, depending on your permissions.

Additionally, you can apply filters to the escalations and sort them by Severity, Status, Acknowledged, Assignment, and Time.

  • By default, all escalations are filtered by Time Created. All escalation statuses, except for Closed, are displayed in the list.

To clear all filters, select the Clear Filters button next to the Search field.

Depending on your permissions, you can perform different actions on the escalation, such as:

  • View—view the details of the escalation.
  • Download—select the checkbox next to the escalation you want to download and then select the Download icon in the Actions column.
  • Acknowledge—indicates that the user has read and acknowledged the information in the escalation.
  • Assign—assign the escalation for further approval.
  • Mark as remediated—mark as remediated to resolve the escalation. The status changes to Closed in the Status column.
  • Ask question—ask a question about the escalation; the question is displayed in the communication thread.

After you open the escalation details, you can use the Chat with analyst function to raise questions or concerns about the escalation you received. You’ll also see Chat with analyst in the email notification you receive. For more information, see the Start Chat from Escalation topic.