Help Document

Alerts

The Alerts tab gives an overview of all the alerts raised based on the risk scores and detected anomalies.

[Image: alerts]

These alerts are categorized based on their severity as critical, trouble, and attention. To view the alerts in each category, click on the required tab. For instance, clicking on Trouble Alerts will give you a list of all the alerts that indicate a moderate amount of risk in your environment.

Note: In this document, "Alert Profile" refers to the conditions set for an alert. "Alert" refers to an alert that has been triggered. An alert is triggered if the conditions set in the alert profile are met.

Enabling, disabling, and customizing alert profiles

To enable pre-built alert profiles or to add new ones, click on the Manage Profiles button in the top right corner of the Alerts tab. The Manage Profiles page will open.

[Image: enabling-disabling-customizing-alert-profiles]

Enabling and disabling alert profiles

The Manage Profiles page gives an overview of the alert profiles that are currently enabled or disabled. The green-tick icon in the Actions column signifies that an alert profile is enabled.

To enable, disable, or delete alert profiles:

  • Click on the green-tick of the required alert profile to disable it.
  • Click on the red-slash of the alert profile to enable it.
  • Click on the delete icon to delete the alert profile.

This page also lists all the alert profiles that are available, both default and custom ones. The number of alerts raised for each profile, the profile type, and the severity are also displayed in the table.

Number of alerts

To view the number of times the alert has been raised, simply click on the number. The time at which each alert was raised, the alert format, entity type, status, and risk score will appear.

Customizing alert profiles

To customize an existing alert profile, click on the edit icon. The Add Alert Profile page will appear with the existing conditions for triggering the alert already filled in. For instance, clicking on the edit icon for the existing FTP Logon Alert Profile opens the page shown below. You can modify the pre-set conditions here.

[Image: customizing-alert-profiles]

Default Alert Profiles

The solution provides nine default alert profiles. These alert profiles can be enabled, disabled, or customized. The list of available default profiles is shown in the image below.

[Image: default-alert-profiles]

Managing triggered alerts

[Image: managing-triggered-alerts]

To manage an alert that has been raised, simply click on the alert and the Format Message popup will appear. All the granular details related to the alert and the options to manage it will be available here.

Assign to: Click on the dropdown to assign a technician to investigate the alert.

Severity: You can change the severity of the alert to critical, attention, or trouble by clicking on the dropdown provided and selecting the required level.

Status: The status of the alert can be changed to open, closed, or unassigned by clicking on the dropdown and selecting the required status.

More details: Clicking on more details will give you information on the threshold, the threshold interval, and more.

Notes: To add a note for an alert, type the message in the space under the notes section and click on save. If a note is added to an alert, it will be displayed next to the checkbox.

Contributed Anomalies: Clicking on Contributed Anomalies will give you details of each instance that contributed to the alert getting triggered.

[Image: contributed-anomalies]

Assigning, deleting, and changing the status of alerts

[Image: assigning-deleting-changing-of-alerts]

Click on an individual alert, or click on the checkboxes to select multiple alerts.

Once the alerts are selected, the options Assign, Status, and Delete will appear. You can use these options to perform bulk actions on the selected alerts.

Adding an alert profile

To add an alert profile, click on the +Add Alert Profile button on the top right corner of the screen. The Add Alert Profile page will appear.

[Image: adding-an-alert-profile]

  1. Enter the alert name and description (the description is optional).
  2. Select the required severity level.
  3. Select Report, Entity, or Risk Card to choose what the alert is based on.
  4. Click on the + sign in the Select Report field to set the required reports.
  5. Click on the + sign in the Select Entity field to set the entity and the host.
  6. Add an alert message in the required format.
  7. Click on Save Changes.

Adding a filter for selected reports

Once a report is selected in the Select Report field, the Add Filter option will appear.

[Image: adding-filter-fo-selected-reports]

The conditions associated with the report can be granularly refined by selecting the report field and setting the values.

Note: Setting filters for reports is optional.

[Image: setting-filters]

Advanced configuration for Report and Entity-based alerts

[Image: entity-based-alerts]

For report and entity-based alerts, there is an option to set the threshold. Enter the number of anomalies and the required interval. Set the time range too, if required.

Email Notification

To enable email notification, select the Email Notification option. Once the checkbox is clicked, the To, Subject, and Message fields will appear.

[Image: email-notification]

Macros: You can add more information in your alert message by including entities, reports, and anomaly types. Click on the dropdown provided and select the required options. The selected fields will appear in the notification message.
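The two settings above, the threshold ("N anomalies within an interval") for report and entity-based alerts and the macro placeholders in the notification message, determine when an alert fires and what its message says. The following Python is an added illustration of that logic, not code from the product or this help document: it slides a time window over a constructed list of anomalies, reports which anomalies contributed to the alert, and renders a message with entity, report, and anomaly type placeholders. The anomaly records, the "FTP Logon Report" name, and the `$entity`/`$report`/`$anomaly_types`/`$count` placeholder names are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from string import Template


@dataclass(frozen=True)
class Anomaly:
    """One detected anomaly: when it occurred, for which entity,
    which report it came from, and the anomaly type."""
    when: datetime
    entity: str
    report: str
    anomaly_type: str


# Constructed sample data for the example (not product output).
SAMPLE_ANOMALIES = [
    Anomaly(datetime(2024, 1, 10, 9, 0), "alice", "FTP Logon Report", "Time anomaly"),
    Anomaly(datetime(2024, 1, 10, 9, 4), "alice", "FTP Logon Report", "Count anomaly"),
    Anomaly(datetime(2024, 1, 10, 9, 7), "alice", "FTP Logon Report", "Pattern anomaly"),
    Anomaly(datetime(2024, 1, 10, 10, 30), "alice", "FTP Logon Report", "Count anomaly"),
    Anomaly(datetime(2024, 1, 10, 9, 2), "bob", "FTP Logon Report", "Count anomaly"),
]


def contributing_anomalies(anomalies, threshold, interval):
    """Return the first run of at least `threshold` anomalies that all fall
    within `interval` of each other (sliding window over timestamps), or an
    empty list if the threshold is never reached in any window."""
    events = sorted(anomalies, key=lambda a: a.when)
    start = 0
    for end, current in enumerate(events):
        # Advance the window start until the oldest event still fits inside it.
        while current.when - events[start].when > interval:
            start += 1
        if end - start + 1 >= threshold:
            return events[start:end + 1]
    return []


def evaluate_profile(anomalies, entity, threshold, interval_minutes, message_template):
    """Apply a threshold of `threshold` anomalies per `interval_minutes` to one
    entity and, if it fires, render the alert message. Placeholders in the
    template ($entity, $report, $anomaly_types, $count) play the role of the
    macros described above (assumed names, not the product's)."""
    per_entity = [a for a in anomalies if a.entity == entity]
    contributed = contributing_anomalies(
        per_entity, threshold, timedelta(minutes=interval_minutes)
    )
    if not contributed:
        return None
    message = Template(message_template).safe_substitute(
        entity=entity,
        report=contributed[0].report,
        anomaly_types=", ".join(sorted({a.anomaly_type for a in contributed})),
        count=len(contributed),
    )
    return {"entity": entity, "message": message, "contributed": contributed}


if __name__ == "__main__":
    template = "$entity: $count anomalies ($anomaly_types) in $report"
    for who in ("alice", "bob"):
        result = evaluate_profile(SAMPLE_ANOMALIES, who, 3, 10, template)
        print(who, "->", result["message"] if result else "no alert")
```

With a threshold of 3 anomalies in 10 minutes, alice's three anomalies between 09:00 and 09:07 trigger the alert and are listed as the contributing anomalies, while her 10:30 anomaly and bob's single anomaly do not; tightening the interval to 5 minutes makes the same data fall below the threshold, which is the kind of tuning the threshold and interval fields are for.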

Configuring the mail server: To configure the mail server, click on the Configure Mail Server button. The Configure Mail Server Settings option will appear.

[Image: configuring-the-mail-server]

Fill in the required fields. To use a secure connection to the mail server, choose SSL or TLS from the Secure Connection dropdown.

To ensure that the mail server has been configured properly, click on the Send Test Mail option. If the test mail arrives at the email address entered here, the configuration is correct.

Setting filters

Filtering alerts based on the time range

[Image: filtering-alerts-based-on-the-time-range]

To view alerts in a specific time range, click on the calendar icon on the top right corner of the screen. Once the required range is set, only the alerts raised in that specific period will be displayed.

Filtering alerts based on Severity, Status, Technician, and the Profile

[Image: filtering-alerts-based]

Click on the filter icon on the top right corner of the screen to filter alerts based on severity, status, technician, and the profile.

[Image: trouble-alerts]

Click on the check boxes to set the necessary conditions for filtering alerts and click on Apply. The alerts that satisfy the conditions set will be displayed.