# User Quickstart

Radiant is an AI-powered security operations platform that automatically triages every ingested alert—classifying it, enriching its artifacts, executing an investigation plan, and assigning a verdict—so your team focuses on threats that require human action. \
\
This guide covers the four tasks every analyst should complete when they first access Radiant:

* [Log in to Radiant](https://app.radiantsecurity.ai/)
* [Configure your notifications](https://help.radiantsecurity.ai/manage-radiant/user-settings/account-notifications)
* [Triage your first alert](https://help.radiantsecurity.ai/radiant-alerts/radiant-alerts)
* [Escalate an alert to a case](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/escalate-and-manage-cases)

### Prerequisites

Before you begin, confirm the following:

* [ ] Your administrator has created your account and sent you an invitation email. The invitation link expires after 24 hours. If yours has expired, contact your administrator to resend it.
* [ ] Your organization's SSO and MFA are configured. You will need your SSO credentials to log in.

### Log in to Radiant

1. Open the invitation email from Radiant Security and click the activation link.
2. Complete MFA enrollment as prompted.
3. Log in at Radiant Security using your SSO credentials.

{% hint style="info" %}
**Note:** If you experience login issues, confirm with your administrator that SSO is configured for your organization and that your account has been provisioned.
{% endhint %}

### Configure your notifications

Before you begin working through your alert queue, configure your notification preferences. Radiant notifies you by email when alerts are triaged, when you are assigned to a case, and when you are mentioned in a case note.

1. In the left navigation, click the **Settings** (gear) icon.
2. Under **Account Settings**, click **Notifications**.
3. In the **Email notifications** row, use the drop-down menu to set your preferred delivery frequency: **Instantly**, **Daily**, or **Weekly**.
4. To control which events trigger notifications, click the arrow icon beside the drop-down and use the toggles on the configuration page.

For a full description of each notification event and how to configure them, see [Account Notifications](https://help.radiantsecurity.ai/manage-radiant/user-settings/account-notifications).

### Triage your first alert

The **Alerts** page is where Radiant's alert triage results become visible. Every alert displayed here has already passed through the full triage pipeline and been assigned a verdict. Your role is to review that verdict, assess the reasoning behind it, and confirm or override it.

For a full reference of the Alerts page, including the Duplicate Alerts panel and the Triage Results tab, see [Radiant Alerts](https://help.radiantsecurity.ai/radiant-alerts/radiant-alerts).

#### Understand the verdict

When you open an alert, the first thing to read is the **verdict badge** at the top of the page. This is Radiant's assessment:

* <mark style="color:$primary;">**Recommended Malicious:**</mark> Radiant found sufficient evidence that the alert represents a genuine threat.
* <mark style="color:$info;">**Likely Benign:**</mark> Radiant could not reach a confident conclusion with the available data.
* <mark style="color:$success;">**Recommended Benign:**</mark> Radiant found sufficient evidence that the alert is not a genuine threat.

The **Overview** tab below the header is designed to be scanned. Use it to orient before you investigate. It surfaces the critical triage fields you need for most L1 decisions without reading the full alert first. The left panel gives you a standardized breakdown of the alert: What was detected, where it originated, what action was taken, and how the vendor responded. The center panel contains Radiant's plain-language conclusion and the key findings that support it. The right panel lists the artifacts extracted from the alert, organized by type.

#### Validate the reasoning

When you want to understand or challenge the evidence behind the verdict, open the **Triage Results** tab. This tab shows the complete investigation: every task Radiant executed, the finding from each task, and the queries run against your connected data sources. Task rows are color-coded to indicate their individual finding: red for malicious, yellow for inconclusive, green for benign.

#### Confirm or override the verdict

Radiant automatically recommends a verdict for every alert, but the final call is yours. Use the verdict controls to confirm Radiant's recommendation when you agree, or override it when your investigation leads you to a different conclusion. Every decision you record, confirmation or override, is logged and used to improve future triage accuracy for your organization.

After reviewing the alert, record your decision using the controls in the top-right corner. The layout reflects Radiant's confidence level: the primary button always surfaces the recommendation, and the overflow menu provides the override.

Clicking either control opens a confirmation showing the verdict change:

* Confirming the recommendation reinforces the current verdict.
* Overriding the recommendation shows the verdict switching from Radiant's suggestion to your own.

Both include a note field; use it to document your reasoning for teammates or for the record.

| Verdict               | Primary button              | Three-dot menu              |
| --------------------- | --------------------------- | --------------------------- |
| Recommended Malicious | Mark Malicious              | Mark Benign, Add to Case    |
| Recommended Benign    | Mark Benign                 | Mark Malicious, Add to Case |
| Likely Benign         | Mark Malicious, Mark Benign | Add to Case                 |

Once you act, the "Recommended" qualifier is removed and the alert status reflects your decision: **Malicious** or **Benign**. If you need to reverse a decision, the same controls remain available.

### Escalate an alert to a case

When an alert requires deeper investigation, formal ownership, or coordinated response across your team, escalate it to a case. A case is a dedicated workspace where you can group related alerts, assign an owner, track the investigation lifecycle, and execute response actions on specific artifacts.

Radiant does not automatically escalate alerts to cases. That decision belongs to you.

To escalate an alert to a case:

1. Open the alert you want to escalate.
2. Click the overflow menu in the top-right corner of the alert page.
3. Select **Add to Case**.
4. Choose to create a new case or add the alert to an existing one.

For a complete walkthrough of case creation, assignment, severity levels, case notes, and lifecycle management, see [Escalate and Manage Cases](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/escalate-and-manage-cases).

### Next steps

The following articles are recommended reading as you build familiarity with the platform:

* [Key Concepts and Glossary](https://help.radiantsecurity.ai/welcome-to-radiant/get-started/user-quickstart/key-concepts-and-glossary) - Definitions of the core terms and objects you will encounter in Radiant.
* [Radiant Alerts](https://help.radiantsecurity.ai/radiant-alerts/radiant-alerts) - Full reference for the Alerts page, the Duplicate Alerts panel, and the Triage Results tab.
* [Radiant Cases](https://help.radiantsecurity.ai/radiant-cases/radiant-cases) - Overview of the case lifecycle, capabilities, and when to use cases versus the Alerts feed.
* [Escalate and Manage Cases](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/escalate-and-manage-cases) - Step-by-step guide for case creation, assignment, and lifecycle management.
* [Response Actions in Cases](https://help.radiantsecurity.ai/radiant-cases/radiant-cases/response-actions-in-cases) - How to execute response actions directly from an active investigation.