Alerts Workflow
You can assign workflow statuses to alerts to help you track the progress of each alert. You manage statuses from the Statuses view. Statuses are either preset by Proofpoint or customized for your organization with a name that is useful in your workflow analysis.
By default, all new alerts are initially assigned the status of New. You change statuses from the Alerts view.
This feature is available on request. Contact your Proofpoint representative.
Statuses View
To access the Statuses view, from Proofpoint Information and Cloud Security Platform, select the Administration app. Select Definitions > Alerts Workflow.
Statuses view shows:
- Name: Name of the status. This field is customizable. You can select a name that will be most useful for your organization's workflow.
- Category: Categories are predefined by Proofpoint. With customized statuses, you select the category you want.
- Created by: Name of admin who created the status or Proofpoint.
- Modified on: Date the Status was modified, enabled or disabled. For Proofpoint statuses, this field remains Proofpoint. For customized statuses, this field reflects who created or made a change.
- Enabled/Disabled: When this field is enabled, the status appears as one of the dropdown options in the Alerts screen. When it is disabled it does not appear in the dropdown.
Details
For details or to edit or delete any status, click the status and the details panel opens. You cannot edit or delete Proofpoint statuses.
To edit, click Edit and to delete, select Delete from the Actions dropdown.
Creating a Customized Status
- From the Administration application, select Definitions > Alerts Workflow.
- In the Statuses view, click New Status.
- From the Category dropdown, select the category you want. These are preset by Proofpoint and you must select one.
- In the Name field, enter the name you want.
- Click Save.
Proofpoint Preset Statuses
The table describes the workflow statuses provided by Proofpoint.
Name | Category |
---|---|
Compromised | Closed - Confirmed Compromised |
Resolved | Closed - Confirmed Malicious |
Not an issue | Closed - Confirmed Negligent (Not important) |
False Positive | Closed - False Positive |
On hold | Open - Blocked |
Escalated | Open - Blocked |
In progress | Open - In progress |
New | Pending - New |
Reopened | Pending - Reopened |
Filtering by Workflow Status
To filter by status Name in the Alerts or Exploration views, select Workflow > Status.
To filter by status Category in the Alerts or Exploration views, select Workflow > Disposition Category.
Is there a way to do a bulk change to the statuses?
Statuses Notes
This is a new feature available since what release
If you used the Workflow statuses prior to this feature, they will remain associated with the alerts they were assigned to.
The New status may appear twice if you used Workflow status prior to this feature release. When these alerts are no longer retained this will no longer happen.
Statuses assigned before this feature was released appear with (Deprecated) next to the name.