Skip to main content
When transactions are flagged by rules, Didit creates alerts that can be organized into cases for structured investigation. Cases group related alerts and transactions, track investigation progress, and maintain an audit trail.

Alerts

Every time a rule matches a transaction, an alert is created. Alerts can also be created manually by analysts or by external providers.

Alert sources

SourceDescription
RuleAutomatically created when a transaction rule matches
ProviderCreated by an external AML or blockchain analytics provider
ManualCreated manually by an analyst from the console

Alert statuses

StatusDescription
OPENNew alert, not yet reviewed
INVESTIGATINGAn analyst is actively working on this alert
AWAITING_USERAdditional information is needed from the user
PENDING_SARUnder review for a Suspicious Activity Report filing
SAR_FILEDA Suspicious Activity Report has been filed
RESOLVEDInvestigation complete — no further action needed
DISMISSEDAlert reviewed and determined to be a false positive

Cases

A case is an investigation container that links together related alerts and transactions for a structured review workflow.

Case workflow

Triage

Review incoming alerts in the Transactions section of the console. Group related alerts into a new case or add them to an existing case.

Assign

Assign the case to an analyst for investigation. Track assignment and response times for SLA monitoring.

Investigate

Analysts review the linked transactions, user verification history, AML screening results, and any attached evidence. Add internal notes and document findings.

Resolve

Close the case with a resolution — escalate to SAR filing, dismiss as false positive, or take action (e.g., block the user, decline future transactions). The resolution is logged in the audit trail.

Creating a case

Cases are created from the Business Console:
  1. Navigate to Transactions and select one or more flagged transactions
  2. Click Create Case and provide a title and description
  3. Set the severity and priority
  4. Link the relevant alerts and transactions
  5. Assign to an analyst

Case properties

PropertyDescription
TitleShort description of the investigation
SeverityLOW, MEDIUM, HIGH, CRITICAL
StatusOPEN, IN_PROGRESS, RESOLVED, ESCALATED
Assigned toAnalyst responsible for the investigation
Linked alertsAlerts included in the case
Linked transactionsTransactions associated with the investigation
NotesInternal comments and findings from the investigation

Transaction notes

Analysts can add notes to individual transactions at any time. Notes include:
  • The note text
  • The analyst who wrote it (name and email)
  • Timestamp
  • Optional metadata
Notes are visible to all team members with transaction access and form part of the audit trail.

Analytics

The Transactions overview in the console tracks analyst performance including:
  • Average alert resolution time
  • Alerts resolved per analyst
  • Alert-to-case conversion rate
  • Open alert backlog by status