Alerts

An alert is a raw, individual AI detection alert (for example, "Agent has sensitive data in his knowledge base", "User prompt contains access data", etc.). Alone, an alert may not be actionable. The Alerts page in Tenable AI Exposure allows you to view all of your AI security alerts to give you a holistic view of how these alerts affect your overall AI security posture.

To access the Alerts page:

  1. In the left navigation menu, click Findings.

    The Findings page appears. By default, the Findings tab is selected.

  2. Click the Alerts tab.

    The Alerts page appears.

  3. (Optional) In the upper-right corner of the page, from the drop-down menu, select a time frame by which you want to filter all data on the Alerts page.

    The data on the page updates automatically based on your selection.

  4. At the top of the page, select whether you want to view your alerts Per category or Per subcategory.

    The data on the page updates automatically based on your selection.

The Alerts page includes the following sections:

Alerts Overview

The alerts overview is a scrollable categorization of your alerts.

Here, you can:

  • View the total number of alerts within each category or subcategory.

  • At the top of the section, select whether you want to view your alerts Per category or Per subcategory.

    The categories listed and their relevant data updates automatically.

  • Click the and buttons to scroll through the list of categories.

Alerts and prevention over time

The Alerts over time section includes a graphical representation of your total number of alerts over a specific time frame.

Tip: You can change the time frame in the upper-right corner of the page.

Here, you can:

  • Hover over any point on the graph to view the number of alerts and prevented alerts on that specific date.

Alerts List

At the bottom of the page, you can view a list of all alerts within your Tenable AI Exposure container.

Here, you can:

  • Use the search bar to search for a specific alert in the list.

  • Filter the list:

    1. Above the list, use one or more of the following filters to adjust the data displayed in the list:

      • Severity

      • Category

      • Subcategory

      • Users

      Tenable AI Exposure updates the list based on your selection.

    2. Click Clear Filters to clear any filters applied to the list.

  • Export the list:

    1. In the upper-right corner, click Export to CSV.

      Tenable AI Exposure exports the list in CSV format and saves it to your local downloads folder.

  • Manage the columns in the list:

    1. In the upper-right corner, click the button.

      A menu appears.

    2. Select or deselect columns to show or hide them within the list.

  • Classify one or more alerts in the list:

    1. In the list, select the check box next to each alert you want to classify.

      A dialog appears at the bottom of the page.

    2. Click the icon.

      A list of options appears.

    3. Select one of the following options:

      • True Positive — Mark the alert(s) as legitimate violations that has been resolved.

      • Benign Positive — Mark the alert(s) as expected behavior that appears suspicious, but is actually benign.

      • False Positive — Mark the alert(s) as alerts that were triggered incorrectly, and are not an actual risk.

      A confirmation message appears and Tenable AI Exposure applies the selected classification to the alert(s).

  • Click on a alert within the list to navigate directly to the Alert Details for that alert.

  • View the following information about your alerts:

    • Severity — The color coded severity category that indicates how critical the alert is, for example, Critical or Medium.

    • Subcategory — The subcategory to which the alert belongs, for example Email, Access Key, or URL.

    • Evidence — The evidence associated with the alert.

      Tip: Click to view the evidence directly in the alert details panel.

    • User — The Tenable AI Exposure user responsible for generating the alert.

    • Date and Time — The date and time at which the alert occurred.

    • Classification — The classification of the alert.

      1. In the drop-down, click the button.

        A menu appears.

      2. Select one of the following options:

        • True Positive — Mark the alert as a legitimate violation that has been resolved.

        • Benign Positive — Mark the alert as expected behavior that appears suspicious, but is actually benign.

        • False Positive — Mark the alert as an alert that was triggered incorrectly, and are not an actual risk.

        A confirmation message appears and Tenable AI Exposure applies the selected classification to the alert.