Sentinel Alerts
Sentinel alerts are generated based on the Sentinel configuration saved by the user when adding a Sentinel integration. When a workflow detects an asset matching the conditions set in the workflow, a Sentinel incident will be created.
The Sentinel incident title will include a short summary of the failed criteria and a description with more details such as Resource Type, Asset, Failed Conditions etc.
When there is an update to the properties of an asset such as vulnerability count change or the asset does not have sensitive data anymore, the Sentinel incident already created by the respective workflow will be updated by Plerion. A comment will be added to the incident notifying users about the change.
When an asset does not match any of the failing conditions of a workflow anymore, the incident gets moved to 'Resolved' status and a comment is saved on the incident with this information.
