Guides
Guides are little instruction manuals for your analysts. Tied to the type of alert received, they provide a place to store documentation about how to proceed with the investigation of that alert. This can be a very powerful tool for training and bringing new staff up to speed quickly: new analysts can use the guide to start contributing to alert triage right away, and it also helps experienced staff remember all the steps to consider.
Example Guide for a fictitious alert:
The more effort a team puts into their guides, the more efficient and effective the team will become. Since guides are essentially a collection of Entries, the team can update, annotate, and contribute additional instructions as necessary.