Security Events

One feed for compliance violations, real-time alerts, and behavioral anomalies.

Security detection

Security Events is a unified feed of three signal types: violations (control failures), alerts (real-time security events ingested from connectors), and anomalies (behavioral findings like role creep or dormant-admin activity). Each item has a severity (critical / high / medium / low) and a status you move through as you triage.

How to use it

  1. Open Security Events from the sidebar to see the combined feed.

  2. Filter by type (violation, alert, anomaly), severity, and status to focus on what matters now.

  3. Click into an item to see its details, the evidence behind it, and the affected identity or resource.

  4. Move an item through its status lifecycle — open, acknowledged, remediating, resolved, or dismissed — as you work it.

  5. Escalate items that need a tracked remediation plan into the Compliance Ops POAM workflow or into Investigations.

Tips

  • Start each day with the feed filtered to critical and high severity and open status, so you triage the highest-impact items first.
