Understanding Alerts
Alerts are at the core of Containment.AI's monitoring system. This guide explains what alerts are, how they're generated, and what information they contain.
What is an Alert?
An alert is generated when:
- A user attempts to send content to an AI platform that violates a policy
- A policy rule is triggered based on content patterns
- Suspicious AI interaction patterns are detected
Alerts provide visibility into potential data leakage and policy violations across your organization.
Alert Lifecycle
Alerts progress through these states:
Created → Acknowledged → Resolved
↓
Dismissed
| Status | Description |
|---|---|
| New | Just created, needs attention |
| Acknowledged | Admin has seen and is investigating |
| Resolved | Issue addressed, alert closed |
| Dismissed | False positive or not actionable |
Severity Levels
Alerts are classified by severity:
Critical
- Highly sensitive data detected (SSN, passwords, API keys)
- Requires immediate attention
- May indicate active data breach
High
- Sensitive PII detected (emails, phone numbers)
- Confidential business information
- Should be reviewed within hours
Medium
- Potential policy violations
- Ambiguous content matches
- Review within a business day
Low
- Minor policy triggers
- Informational alerts
- Review as time permits
Alert Information
Each alert contains:
Basic Information
- Alert ID - Unique identifier
- Created At - When the alert was generated
- Status - Current alert status
- Severity - Risk level
Context
- User - Who triggered the alert
- Platform - Which AI service (ChatGPT, Claude, etc.)
- Policy - Which policy was triggered
- Action Taken - Block, warn, or log
Content Details
- Matched Pattern - What triggered the policy
- Content Preview - Snippet of the flagged content
- Full Context - Surrounding text (if configured)
Metadata
- Device - Browser, OS information
- Location - IP-based location (if enabled)
- Session - Conversation context
Alert Types
Data Leakage Alerts
Triggered when sensitive data patterns are detected:
- Social Security Numbers
- Credit card numbers
- API keys and secrets
- Passwords and credentials
- Medical information (PHI)
- Financial data
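The following added example (not Containment.AI's code or API) shows how pattern-based detection can turn an outbound prompt into an alert carrying the fields listed under Alert Information, with matched values redacted in the preview. A Luhn checksum drops card-like digit runs that are not valid card numbers, one way to cut false positives. The rule list, function names, alert field names and the credit card severity are assumptions made for illustration.

```python
import re
import uuid
from datetime import datetime, timezone

# Hypothetical rules: (name, regex, severity). Severities follow the page's
# examples (SSN and API keys are critical, emails are high); the credit card
# severity is an assumption.
RULES = [
    ("ssn", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), "critical"),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "critical"),
    ("credit_card", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), "critical"),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "high"),
]
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

def luhn_ok(number: str) -> bool:
    """Luhn checksum: rejects most random digit runs that look like cards."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(value: str) -> str:
    """Keep only the last 4 characters so the alert never stores the secret."""
    return "*" * (len(value) - 4) + value[-4:]

def scan_prompt(user: str, platform: str, text: str):
    """Return an alert dict for the prompt, or None when nothing matches."""
    matches = []
    for name, pattern, severity in RULES:
        for m in pattern.finditer(text):
            if name == "credit_card" and not luhn_ok(m.group()):
                continue  # checksum failure: treat as a false positive
            matches.append({"pattern": name, "severity": severity,
                            "preview": redact(m.group())})
    if not matches:
        return None
    # The alert takes the highest severity among its matches.
    top = max(matches, key=lambda m: SEVERITY_ORDER.index(m["severity"]))
    return {"alert_id": str(uuid.uuid4()), "status": "new",
            "created_at": datetime.now(timezone.utc).isoformat(),
            "severity": top["severity"], "user": user,
            "platform": platform, "matches": matches}
```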
Policy Violation Alerts
Triggered by custom policy rules:
- Prohibited topics
- Confidential project names
- Customer data patterns
- Code or intellectual property
Behavioral Alerts
Triggered by usage patterns:
- Unusual volume of AI usage
- Off-hours activity
- Rapid consecutive requests
- Large data transfers
Alert Details View
Click an alert to see full details:
Summary Section
- Severity badge and status
- User information
- Quick action buttons
Timeline
- When the alert was created
- Status changes
- Admin actions taken
Content Analysis
- Highlighted matched patterns
- Policy rule that triggered
- Confidence score
User Context
- User's alert history
- Device information
- Recent activity
Actions
- Change status
- Add notes
- Grant exception
- Contact user
Alert Notifications
Configure how you're notified:
In-App Notifications
- Badge on alerts icon
- Toast notifications
- Dashboard widget
Email Notifications
- Immediate for critical
- Daily digest option
- Customizable thresholds
Integrations
- Slack/Teams messages
- SIEM forwarding
- Webhook triggers
Best Practices
Triage Workflow
- Review Critical First - Prioritize by severity
- Check Context - Understand what happened
- Determine Intent - Accidental vs. intentional
- Take Action - Resolve, escalate, or dismiss
- Document - Add notes for audit trail
Reducing False Positives
- Tune policy sensitivity
- Add allowed patterns/exceptions
- Review and adjust regularly
- Train users on acceptable use
Investigation Tips
- Look at user's full history
- Check if pattern repeats
- Consider business context
- Consult with the user if needed
Alert Retention
Alerts are retained based on your plan:
| Plan | Retention |
|---|---|
| Free | 30 days |
| Professional | 365 days |
| Enterprise | 12+ months (customizable) |
Resolved alerts can be exported before deletion.
Related Topics
- Managing Alerts - Handle alerts effectively
- Alert Filters - Find specific alerts
- Audit Logs - Detailed event history