Investigating an Alert

Opening an alert gives you the full context you need to decide whether an event requires action. From the Alerts inbox, click View Alert Details → on any card to navigate to /alerts/:id.

At the top of the detail page you see the alert’s Violation ID and an Alert Raised timestamp. To the right is the Actions button, which opens a dropdown with triage options.

The main card has three tabs: Summary, Actions Taken, and Employee & App.

The Summary tab shows:

  • Alert Summary — an AI-generated description of what was detected
  • Data Submitted To — the AI service or model the prompt was sent to, if recorded
  • Action badge — the action the browser extension captured: Intervention Ignored, Input Cancelled, or Input Edited
  • Detection tags — the detection types flagged on the alert; click any tag to open a definition modal explaining that detection type

The Actions Taken tab shows additional actions recorded for the alert. If none are present, the tab displays “No additional actions recorded for this alert.”

The Employee & App tab shows aggregated context fetched for the alert:

  • Employee Overview — the employee’s override rate (%) and a Top Apps list for that employee
  • App Context — number of employees using the application, alert count for the last 30 days, and the login account type

Below the tabs, two collapsible sections are available:

  • Prompt Details — the full text of the prompt the employee submitted
  • Employee Justification — the justification the employee provided, if any (this section only appears when a justification is present)

A sidebar panel labelled Employee & Application Overview shows the employee’s name, department, email, and total alerts raised, alongside the application name, risk level, and app user login. Two links let you navigate directly to the full employee or application records:

  • View Employee Details — navigates to /employees/:id
  • View App Details — navigates to /applications/:id

Click the Actions button to open the triage dropdown. Two options are available:

  • Mark as Reviewed — sets the alert status to acknowledged
  • Escalate — sets the alert status to escalated

The alert reloads in place once the status change is saved.

Both the alert cards and the detail page show feedback buttons in the top-right corner. Use the thumbs-up button to mark an alert as a true positive or the thumbs-down button to mark it as a false positive. You can also click the comment icon to attach a short text note. If you try to close the comment panel with an unsaved change, a confirmation dialog asks you to confirm discarding it.