Alerts

The Alerts tab gives an overview of all the alerts raised based on the risk scores and detected anomalies.

These alerts are categorized based on their severity as critical, trouble, and attention. To view the alerts in each category, click on the required tab. For instance, clicking on Trouble Alerts will give you a list of all the alerts that indicate a moderate amount of risk in your environment.

• Enabling, disabling, and customizing alert profiles
• Managing triggered alerts
• Assigning, deleting, and changing the status of alerts
• Adding an alert profile
• Setting filters

Enabling, disabling, and customizing alert profiles:

To enable pre-built alerts or to add new alert profiles, click on the Manage Profiles button in the top right corner of the alerts tab. The manage profiles page will open.

Enabling and disabling alert profiles

The Manage Profiles page gives an overview of the alert profiles that are currently enabled or disabled. The green-tick icon in the Actions column signifies that an alert has been enabled.

To enable or disable an alert(s):

• Click on the green-tick of the required alert profile to disable it.
• Click on the red-slash of the alert profile to enable it.
• Click on the delete icon to delete the alert profile.

This page also gives you a list of the alert profiles that are available. This includes both default and created alerts. The number of alerts raised for each profile, the type, and severity will also be displayed in the table.

Number of alerts

To view the number of times the alert has been raised, simply click on the number. The time at which each alert was raised, the alert format, entity type, status, and risk score will appear.

Customizing alert profiles

To customize an existing alert profile, click on the edit icon. The Add Alert Profile page will appear. The existing conditions set for the alert to be triggered will be filled-in. For instance, clicking on the edit icon for an existing profile FTP Logon Alert Profile will give you this page as shown below. You can modify the pre-set conditions here.

Default Alert Profiles

The solution provides nine default alert profiles. These alert profiles can be enabled, disabled, or customized. The list of available default profiles is shown in the image below.

Managing triggered alerts

To manage an alert that has been raised, simply click on the alert and the Format Message popup will appear. All the granular details related to the alert and the options to manage it will be available here.

Assign to: Click on the dropdown to assign the technician to investigate the alert.

Severity: You can change the severity of the alert to critical, attention, or trouble by clicking on the drop down provided and selecting the required level.

Status: The status of the alert can be changed to open, closed, or unassigned by clicking on the drop down and selecting the required status.

More details: Clicking on more details will give you information on the threshold, the threshold interval, and more.

Notes: To add a note for an alert, type the message in the space under the notes section and click on save. If a note is added to an alert, it will be displayed next to the checkbox.

Contributed Anomalies: Clicking on Contributed Anomalies will give you details of each instance that contributed to the alert getting triggered.

Assigning, deleting, and changing the status of alerts

Click on the individual alert or click on the check boxes to select the multiple alerts.

Once the alerts are selected, the options Assign, Status, and Delete will appear. You could use these options to perform bulk enabling or disabling of alerts.

Adding an alert profile

To add an alert profile, click on the +Add Alert Profile button on the top right corner of the screen. The Add Alert Profile page will appear.

1. Enter the alert name and description. (The description is optional)
2. Select the required severity level.
3. Select report, entity, or risk card to enter what the alert is based on.
4. Click on the + sign in the Select Report field to set the required reports.
5. Click on the + sign in the in the Select Entity field to set the entity, host or Active Directory Group. If you choose an Active Directory group, all the users within that group will be configured for the alert at one go.
6. Add an alert message in the format required.
7. Click on Save Changes.

Adding a filter for selected reports

Once a report is selected in the Select Report field, the Add Filter option will appear.

The conditions associated with the report can be granularly refined by selecting the report field and setting the values.

Advanced configuration for Report and Entity-based alerts

For report and entity-based alerts, there is an option to set the threshold under filter criteria. Enter the number of anomalies and the required interval. Set the time range too, if required.

Alert Notification

You can enable notifications for the alert profile by choosing the notification template you want to use from the available list.

Configuring the mail server: Please refer to the Server settings page.

Setting filters

Filtering alerts based on the time range

To view alerts in a specific time range, click on the calendar icon on the top right corner of the screen. Once the required range is set, only the alerts raised in that specific period will be displayed.

Filtering alerts based on Severity, Status, Technician, and the Profile

Click on the filter icon on the top right corner of the screen to filter alert profiles based on severity, status, technician, and the profile.

Click on the check boxes to set the necessary conditions for filtering alerts and click on Apply. The alerts that satisfy the conditions set will be displayed.

Exporting Alerts

You can export Alerts for a chosen time range in CSV, PDF, XLS and HTML report formats. This will help you submit the reports to management and aid intelligent decision-making.

You can also review the history of alert exports.