Skip to main content


This page displays all the recommendations assigned to your company by the SOC team.

Recommendations are a set of instructions and general information provided to your company as a result of an investigation or a hunt.

  • Recommendation ID - the unique ID assigned to each recommendation.

    To view the details for a recommendation in your list, click the recommendation ID. This displays the summary of what the SOC team observed along with a brief recommendation of action suggested from your end.

  • Priority - indicates the order the recommendations should be read and acted on. A recommendation can have one of three priorities:

    • Low

    • Medium

    • High

  • Detected on - the date of the investigation or hunt for which the recommendation was added.

  • Description - provides relevant information about the investigation and the steps that our SOC team is advising you to take to fix a potential threat or problem.

  • Source - the investigation that resulted in this specific recommendation.


    Click on the source number to go to the Investigations or Hunts page and view the linked investigation.

  • Status - displays the status of each investigation.

    A recommendation can have one of these statuses:

    • Open - the information has not yet been read and no action has been taken based on the recommendation.

    • Closed - the recommendation has been ignored.

    • Acknowledged - the information has been read and the recommendation has been acknowledged.


    To change the status of a recommendation, click the menu.PNG vertical ellipsis button at the right side of every row, and either Ignore, Acknowledge or Close the recommendation.

    • Acknowledge - will change the recommendation to Acknowledged state, signalling that you intend to implement the changes.

    • Ignore – close the recommendation, signalling that you do not approve it for your environment and do not intend to implement the changes.

    • Close - after an Acknowledged Recommendation has been implemented, you can then Close the Recommendation, which moves it to the "Closed" state.


      This action will not remove it from visibility. Closed Recommendations move to the bottom of the list. You can filter the list by Open, Acknowledged, Closed.

  • Company - the name of the company for which the recommendation was received.