How to Triage Alerts Like a Pro

Pick an alert. Any alert.

You have 847 unacknowledged alerts. Start with the most recent — or the oldest, or the one with the most alarming-sounding name. There is no wrong choice here. There is, however, a right choice. Without Exabot Triage, you will not know which one that is until later.

Assess severity. Is it bad?

Hard to say. Consider: the asset involved, the nature of the activity, the time of day, and your gut. Your gut has a 34% accuracy rate on P1 detections. That is lower than a coin flip — but higher than asking the colleague who is on PTO.

Mark it P2 and move on.

P1 feels like an overreaction. P3 feels like you're not taking it seriously. P2 is the diplomatic middle ground. This is, statistically, the most common human triage outcome. Exabot Triage would have given it a 94/100 severity score in 40 milliseconds.

Move on to the next alert.

You have 846 remaining. At roughly 3 minutes per alert, you will finish the queue in approximately 42 hours. New alerts are being generated at a rate of 60 per hour. The math is not favorable.

It was a P0.

The alert you marked P2 in step 3 was a P0. This will become clear when someone calls you. The call will begin with "so, about that alert from this morning." You will remember which alert. You will not say anything.

Update your resume.

Not because you're fired — just because it's good practice. Also: now is a reasonable time to reconsider your position on the strike.