Taking Action on Health Alerts

The ability to direct focused action on health alerts related to connector offline and billable ingestion has been introduced to your Clarity portal. This guide is designed to help you confidently navigate and make the most of Clarity’s enhanced design and functionality.

When taking action on a heath alert in Clarity, follow these steps to accurately confirm the appropriate activity.

Step 1: Start Health Alert Action

• Select the Action
  Using the ‘Action’ button in the top right navigation of your Clarity ticket, select the action you wish to perform for the alert.

Step 2: Complete the Action Fields

Connector Offline

For Connector Offline alerts there are three possible actions that can be taken.

1. Send Back to Quorum Cyber: This option is used when the Quorum Cyber team needs to perform an action not provided in your action button or needs to provide additional information. A mandatory comment box is provided to include details on what is required.

QC Action: The Quorum Cyber team will evaluate the details and respond accordingly.

2. Mark as Expected Behaviour: This option is used when a connector is expected to be offline for a period of time.

A mandatory calendar entry is provided to include details on when the connector alert can be reenabled.

Once a date has been selected, the form will display as follows with an optional explanation box that can be used if additional context is needed.

QC Action: The Quorum Cyber team will place the alert on hold until 09:00GMT on the morning of the date selected. When this time passes, the alert will resume firing.

3. Mark Permanently Offline: The option is used when a connector no longer needs to be monitored.

QC Action: The Quorum Cyber team will permanently remove this connector from monitoring.

Billable Ingestion

For Billable Ingestion alerts there are two possible actions that can be taken.

1. Send Back to Quorum Cyber: This option is used when the Quorum Cyber team needs to perform an action not provided in your action button or needs to provide additional information. A mandatory comment box is provided to include details on what is required.

QC Action: The Quorum Cyber team will evaluate the details and respond accordingly.

2. Mark as Expected Behaviour: This option is used when the ingestion rate that is generating the alert is expected.

QC Action: The Quorum Cyber team will place the alert on hold for 14 days. When this time passes, the alert will resume firing.

Step 3: Finalise the Action

• Submit
  Click Submit (Send Back to Quorum Cyber action), Put on Hold (Mark as Expected Activity action) or Confirm (Mark as Permanently Offline action) to apply the choices.

• Cancel
  Click Cancel if you do not wish to proceed.

Step 4: Automated Ticket Updates

When you have finalised your ticket, you will see 2 key updates:

1. The ‘Assignee’ field updates from ‘Unassigned’ to your name

2. The status field updates from 'Customer Action' to 'Queued - with <Quorum Cyber team>

3. The ‘Timeline’ reflects when you updated the ticket, the options chosen and any notes added in the comment box.