View Log Alerts
The Alerts tab lists details of all alerts triggered (if you have not set up any alert profiles, the tab directs you to do so). You can view the timestamp of the alert, the device which triggered it, the severity, the status of the alert, and the message.
Filtering Alert Profiles
By clicking on the filter icon in the top right corner, you can select the appropriate filter options.
You can select one or more options from the categories provided to customize your view of alerts. For instance, if you want to view your open, unassigned, and critical alerts, select the respective criteria by clicking on the check boxes. All your open, unassigned, and critical alerts will then be displayed on the screen.
Additionally, clicking on Critical Alerts, Trouble Alerts, Attention Alerts, or All Alerts will show you the respective alerts.
The top right corner of the alerts tab also gives you access to the following alert configuration options:
- Manage alert profile: The manage alert profile page allows you to add, delete, edit, enable, or disable alert profiles, update their notification settings, and export or import them.
- Export as: The option to export your alerts in PDF or CSV format.
Clicking on the settings icon will give you the following options.
- Manage incident configuration: Configure an external help desk software (ServiceDesk Plus, ServiceNow, Jira Service Desk, Zendesk, Kayako, and BMC Remedy Service Desk) to forward alerts to.
- Assign rules: Create and prioritize rules to assign incoming alerts to an owner automatically, based on the device/device group which generates the alert.
- Workflows: The option to configure incident management workflows that are attached to an alert in order to mitigate incidents.
Click on the check boxes to select the required alerts. Once the alerts are selected, the options Assign, Status, Delete, and More will appear. You can assign the alert to an administrator, change the status, or delete the alerts by choosing the appropriate options.
Clicking on More will give you the option to Whitelist the Source. In case an alert is raised by Advanced Threat Analytics and you are convinced that the source is not malicious, you can whitelist it by choosing the option here.
Information on the alert
Hovering over the alert gives additional information such as what triggered the alert, the domain, the device involved and more.
Alert Format Message
Clicking on an alert opens a pop-up titled Alert Format Message.
Details such as SL Event ID, Logon Type and more can be obtained by clicking on More Details.
By clicking on the dropdown provided, alerts can be assigned to an administrator or an operator.
The severity of the alert can be changed, if required, by clicking on the dropdown provided.
The status of the alert can be changed by clicking on the dropdown provided.
A note can be included for the alert in the "Notes" section. To save the note, click on "Add Note". The maximum character limit for a note is 300. Up to 15 notes can be added for an alert. Once notes are added for an alert, they are displayed in the side panel.
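The filter criteria described above (open, unassigned, and critical), the prioritized assign rules that hand an alert to an owner based on its device or device group, and the note limits of 300 characters and 15 notes per alert can be modelled in a few lines. The following is an added illustration, not code from the product; the alert fields, the rule format, and the sample alerts are constructed for the example.

```python
from dataclasses import dataclass, field

MAX_NOTE_LEN, MAX_NOTES = 300, 15  # limits stated on this page

@dataclass
class Alert:
    timestamp: str
    device: str
    device_group: str            # assumed attribute used by the assign rules
    severity: str                # Critical, Trouble or Attention
    message: str
    status: str = "Open"
    owner: "str | None" = None   # None means the alert is unassigned
    notes: list = field(default_factory=list)

    def add_note(self, text: str) -> bool:
        """Accept a note only within the documented limits; return False if rejected."""
        if len(text) > MAX_NOTE_LEN or len(self.notes) >= MAX_NOTES:
            return False
        self.notes.append(text)
        return True

def filter_alerts(alerts, status=None, severity=None, unassigned=False):
    """Mirror the filter panel: every selected criterion must hold at once."""
    return [a for a in alerts
            if (status is None or a.status == status)
            and (severity is None or a.severity == severity)
            and (not unassigned or a.owner is None)]

# Constructed assign rules in priority order: (match on, pattern, owner). First match wins.
ASSIGN_RULES = [
    ("device", "dc-01", "admin-identity"),
    ("group", "Domain Controllers", "admin-ad"),
    ("group", "*", "admin-oncall"),          # catch-all rule, lowest priority
]

def auto_assign(alert: Alert, rules=ASSIGN_RULES) -> Alert:
    """Assign an owner from the first rule whose device or device-group pattern matches."""
    for match_on, pattern, owner in rules:
        value = alert.device if match_on == "device" else alert.device_group
        if pattern in ("*", value):
            alert.owner = owner
            break
    return alert

def sample_alerts():  # constructed alerts, not product data
    t = "2024-01-01 09:00:00"
    return [Alert(t, "dc-01", "Domain Controllers", "Critical", "Multiple failed logons"),
            Alert(t, "dc-02", "Domain Controllers", "Trouble", "Service stopped"),
            Alert(t, "web-03", "Web Servers", "Critical", "Malicious domain contacted", status="Closed"),
            Alert(t, "fs-01", "File Servers", "Critical", "Mass file deletion")]
```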
In case a workflow is configured for the alert, the status of the workflow can be viewed in the Alert Format Message pop-up.
Click the status of the workflow for more information. Once clicked, a pop-up will open.
For threshold-based alerts, you can view each instance by clicking on the alert. There will be a section called Threshold.
Clicking on the threshold number will give you a pop-up with more details.
Add / Remove Columns
Columns can be added or removed by clicking on the Add / Remove option in the top right corner. You have the option to choose and rearrange the columns as needed. A minimum of 3 and a maximum of 7 columns can be selected.
Note: The default columns cannot be removed or rearranged. The default columns are Time, Notes, and Alert Format Message.
Clicking on the Add / Remove option opens a pop-up. Choose the required columns by clicking on the checkboxes.
Advanced Threat Analytics Alerts
These alerts are raised when malicious domains, URLs, or IPs are detected in your network traffic. Clicking on such an alert shows the reputation score of the source, the number of times it has appeared on a threat list, and more.