The Basics
What is an Alert?
An Alert is a notification generated when a potential security event, policy violation, or suspicious activity is detected in one of your connected data sources. Alerts are the starting point for an investigation.
Alerts often contain key information such as the triggering conditions, relevant metadata, and a link to supporting evidence. Dropzone investigates each alert to determine its severity, ask the associated user relevant questions, and/or dismiss the alert if it is a false positive.
What alert types can Dropzone process?
Dropzone can ingest and process a wide range of alert types depending on the integrations you enable.
Examples include:
Security alerts from SIEM, EDR, or other platforms (for example, unusual login activity, privilege escalation, or endpoint threats)
Compliance alerts such as policy violations, unauthorized data access, or suspicious file sharing
Phishing emails
Operational alerts like data loss prevention or cloud posture alerts when tied to security or compliance impact
Each integration may define its own categories and fields, but Dropzone standardizes them so we can investigate consistently across different systems.
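The standardization step above is the reason alerts from different tools can be handled the same way. As an added illustration (not Dropzone's code, schema, or integration API; every source name, field name and sample payload here is constructed), the following Python shows one way such normalization works: a per-source adapter maps each integration's own fields onto a common alert record, severities expressed as scores or labels are reduced to one scale, the original payload is retained as evidence, and the normalized alerts can then be ordered into a single queue.

```python
"""Normalize alerts from heterogeneous sources into one common record.

Added example, not Dropzone's code: the two source shapes, their field
names, the common schema and the severity scale are all constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Any, Callable, Dict, List, Optional

# Constructed sample payloads, in the shapes two hypothetical sources might emit.
EDR_ALERT = {
    "alert_id": "edr-1001",
    "detected_at": "2024-05-01T12:34:56Z",
    "threat": {"name": "Suspicious PowerShell", "severity": 8},  # 0-10 score
    "host": "wkstn-17",
    "user": "jdoe",
}

SAAS_AUDIT_EVENT = {
    "eventId": "saas-5551",
    "timestamp": 1714567890,  # epoch seconds
    "eventType": "file_shared_externally",
    "actor": {"email": "jdoe@example.com"},
    "riskLevel": "Medium",  # label rather than score
}

SEVERITY_ORDER = ("low", "medium", "high", "critical")


@dataclass
class NormalizedAlert:
    source: str                 # which integration produced it
    source_id: str              # the source's own identifier
    occurred_at: datetime       # always timezone-aware UTC
    title: str
    severity: str               # one of SEVERITY_ORDER
    principal: Optional[str]    # user the alert concerns, if the source says
    asset: Optional[str]        # host or resource, if the source says
    raw: Dict[str, Any] = field(default_factory=dict)  # evidence: untouched payload


def severity_from_score(score: int) -> str:
    """Map a 0-10 numeric score onto the common label scale."""
    if score >= 9:
        return "critical"
    if score >= 7:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def severity_from_label(label: str) -> str:
    """Accept a vendor label case-insensitively; reject anything unknown."""
    normalized = label.strip().lower()
    if normalized not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity label: {label!r}")
    return normalized


def _edr_adapter(payload: Dict[str, Any]) -> NormalizedAlert:
    # ISO-8601 with a trailing Z; fromisoformat needs an explicit offset on older Pythons.
    when = datetime.fromisoformat(payload["detected_at"].replace("Z", "+00:00"))
    return NormalizedAlert(
        source="edr",
        source_id=payload["alert_id"],
        occurred_at=when.astimezone(timezone.utc),
        title=payload["threat"]["name"],
        severity=severity_from_score(int(payload["threat"]["severity"])),
        principal=payload.get("user"),
        asset=payload.get("host"),
        raw=payload,
    )


def _saas_audit_adapter(payload: Dict[str, Any]) -> NormalizedAlert:
    return NormalizedAlert(
        source="saas_audit",
        source_id=payload["eventId"],
        occurred_at=datetime.fromtimestamp(payload["timestamp"], tz=timezone.utc),
        title=payload["eventType"],
        severity=severity_from_label(payload.get("riskLevel", "medium")),
        principal=(payload.get("actor") or {}).get("email"),
        asset=None,  # this source reports no host or resource
        raw=payload,
    )


# Registry of adapters keyed by source name (constructed names).
ADAPTERS: Dict[str, Callable[[Dict[str, Any]], NormalizedAlert]] = {
    "edr": _edr_adapter,
    "saas_audit": _saas_audit_adapter,
}


def normalize(source: str, payload: Dict[str, Any]) -> NormalizedAlert:
    """Route a raw payload through the adapter registered for its source."""
    try:
        adapter = ADAPTERS[source]
    except KeyError:
        raise KeyError(f"no adapter registered for source {source!r}") from None
    return adapter(payload)


def build_queue(alerts: List[NormalizedAlert]) -> List[NormalizedAlert]:
    """Unified queue: most severe first, oldest first within a severity."""
    return sorted(
        alerts,
        key=lambda a: (-SEVERITY_ORDER.index(a.severity), a.occurred_at),
    )


if __name__ == "__main__":
    queue = build_queue([
        normalize("saas_audit", SAAS_AUDIT_EVENT),
        normalize("edr", EDR_ALERT),
    ])
    for a in queue:
        print(f"{a.severity:8} {a.source:10} {a.source_id:10} {a.title}")
```

Keeping the raw payload alongside the normalized fields matters in practice: the common schema drives triage and ordering, while the untouched original is what an analyst (or an automated investigation) falls back on when a mapping turns out to be lossy.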
What is an Alert Source?
An Alert Source is any external system that provides alerts or event data to Dropzone AI.
Typical sources include:
Security tools such as SIEM, IDS/IPS, endpoint protection, or cloud security platforms
Compliance or audit logs from SaaS applications
Internal systems that generate custom alerts
Alert Sources are configured during onboarding and can be added throughout your contract. Once connected, Dropzone continuously ingests alerts or data from each source and presents them in a unified investigation queue.
What is a Data Source?
A Data Source is any system with information that Dropzone would use to investigate your security alerts.
Typical sources include:
Threat intelligence and reputation services (those that are included in your Dropzone subscription, as well as any others that you subscribe to)
Security tools that you have deployed
Business systems such as Microsoft 365 and Google Workspace
Data Sources are configured during onboarding and can be added throughout your contract. Once connected, Dropzone draws on these Data Sources to investigate security alerts.
You can see our full list of Integrations here.