The Alerts page is where security events become actionable. Alerts are generated when agent behavior triggers a policy violation, risk threshold, or threat signature.

Alert Tabs

The page has three tabs:
Unreviewed alerts that need human attention. This is the default view and where you’ll spend most of your time. Alerts are sorted by severity (critical first), then by recency.

Pending approval requests (e.g., an agent requesting elevated permissions) are merged into this queue so you have a single place for all items needing action.

Severity Levels

| Level | Color | Meaning |
|---|---|---|
| Critical | Red | Immediate threat — data exfiltration, unauthorized access, malicious tool use |
| High | Orange | Significant risk — policy violation, unusual behavior pattern |
| Medium | Yellow | Notable deviation — uncommon but not necessarily malicious |
| Low | Blue | Informational — minor anomalies, first-time behaviors |

Alert Card

Each alert in the queue shows:
  • Title — what happened (e.g., “Agent accessed sensitive file path”)
  • Severity badge — color-coded severity level
  • Platform & agent — which AI agent triggered the alert
  • Device — which machine it happened on
  • Timestamp — when the event occurred
  • Context snippet — the relevant event data that triggered the alert

Inline Actions

Every alert card has action buttons. No need to navigate away — handle alerts right from the queue.

Investigate

Opens the full session detail view for the session that generated this alert. See the complete timeline and context.

Block Agent

Immediately blocks the agent from further activity. The edge daemon enforces the block within seconds.

Create Policy

Opens the policy editor pre-filled with conditions matching this alert. Turn a one-off detection into a permanent rule.

Dismiss

Dismiss the alert with a required reason: false positive, expected behavior, accepted risk, or duplicate.

Triage Workflow

A typical triage flow:
1. Review the queue

Start with critical alerts. Read the title and context snippet to understand what happened.

2. Investigate if needed

Click “Investigate” to see the full session. Look at what the agent was doing before and after the triggering event.

3. Take action

Based on your investigation:
  • Block if the agent is actively doing something harmful
  • Create Policy if this is a pattern you want to catch going forward
  • Dismiss if it’s a false positive or accepted behavior

4. Move to next alert

Resolved alerts leave the triage queue. Work through until the queue is empty or at an acceptable level.

Pending Approvals

When policies are configured with an approval workflow (rather than auto-block), the agent’s request appears in the triage queue as a special alert type. These show:
  • What the agent is requesting permission to do
  • The policy that caught it
  • A countdown timer (if a timeout is configured)
  • Approve and Deny buttons
If a pending approval expires without action, the default behavior depends on the policy: either the request is auto-denied (fail-closed) or auto-approved (fail-open). Check your policy configuration.
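
The fail-closed versus fail-open distinction above, as an added example that is not Quint's code or policy format: a hypothetical model (the class and field names, including `on_timeout`, are assumptions) that resolves an expired request and lists the policies that would grant a request simply by timing out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical model: class and field names are assumptions, not Quint's schema.
@dataclass
class ApprovalPolicy:
    name: str
    timeout: Optional[timedelta]  # None = no timeout configured
    on_timeout: str = "deny"      # "deny" = fail-closed, "approve" = fail-open

@dataclass
class PendingApproval:
    request: str
    policy: ApprovalPolicy
    created: datetime
    decision: Optional[str] = None  # reviewer's choice: "approve" or "deny"

def resolve(p, now):
    """Return 'approve', 'deny' or 'pending' for request p at time now."""
    if p.decision in ("approve", "deny"):
        return p.decision  # a reviewer's decision always wins
    if p.policy.timeout is None or now < p.created + p.policy.timeout:
        return "pending"
    # Expired. Only an explicit "approve" fails open; any other value,
    # including a typo, is treated as fail-closed.
    return "approve" if p.policy.on_timeout == "approve" else "deny"

def fail_open_policies(policies):
    """Names of policies whose timeout grants the request with no review."""
    return [p.name for p in policies
            if p.timeout is not None and p.on_timeout == "approve"]

# Constructed sample data (not real policies).
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
CLOSED = ApprovalPolicy("elevated-permissions", timedelta(minutes=5), "deny")
OPEN = ApprovalPolicy("install-new-tool", timedelta(minutes=5), "approve")
TYPO = ApprovalPolicy("read-secrets", timedelta(minutes=5), "aprove")

if __name__ == "__main__":
    late = T0 + timedelta(minutes=6)
    for pol in (CLOSED, OPEN, TYPO):
        req = PendingApproval("agent request", pol, T0)
        print(pol.name, "->", resolve(req, late))
    print("fail-open policies:", fail_open_policies([CLOSED, OPEN, TYPO]))
```

Running the same kind of check over your real policy configuration shows which approval requests would be granted with nobody watching the queue.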

Filtering

Filter alerts by:
  • Severity — critical, high, medium, low
  • Platform — specific AI agent platform
  • Status — unreviewed, investigating, resolved, dismissed
  • Device or agent — narrow to a specific source
  • Time range — respects the global time picker
Bookmark filtered views for quick access. For example, bookmark “Critical + High from last 24h” for your morning triage routine.