Disposition of Alerts

A disposition is the final assessment of an alert by an analyst. The value can be changed multiple times. Each time the disposition value changes, the alert is re-analyzed by the engine, allowing for further correlation based on the new value.

See the user guide for a detailed explanation of the base dispositions.