Alerting: Alerts Summary View

Document created by RSA Information Design and Development on Apr 22, 2016
Version 1

The Alerts Summary view provides a consolidated view of all the alerts generated in a particular time range. You can specify a time range and represent alerts as graphs, as charts, or in tabular format. For example, if you want to view how many alerts of low, medium and high severity are generated in a particular time range, you can use a chart for better clarity. You can also view the number of alerts generated in a specific minute, hour or day.

On further drilling down, the view also provides event meta and event details on each alert generated.

Note: In the User Interface (UI), the date or time displayed depends on the time zone profile selected by the user.

In Security Analytics, the Alerts Summary view is displayed when you navigate to Alerts > Summary and select an ESA service.

The following figure shows the various components of the Alerts Summary view.

AleSumVw.png

Features

The Alerts Summary view consists of the following sections:

  • Alerts Summary
  • Alert Timeline
  • Alerts
  • Alerts by Severity

Alerts Summary

The Alerts Summary section displays the time period in which alerts are generated. The following figure displays the Alerts Summary section.

AleSumSec.png

The selected ESA service is displayed at the top left of the section. You can select the time period for which you want alerts to be displayed. Some of the options available are displayed in the following figure.

TimeRange.png

Based on the time period that you select, the start time and end time are displayed in the section.

Alert Timeline

The Alert Timeline section shows a graphical representation of the alerts generated during a particular time period. The following figure displays the Alert Timeline section.

AleSumTL.png

You can perform the following using the Alert Timeline section:

  • View alerts generated during a particular minute, hour or day by selecting the option from the Unit drop-down list.
  • View details about each alert generated by clicking View Alerts.
  • View the number of alerts generated, the severity level of the alerts, and the time they were generated by hovering the mouse over a specific point on the graph.

Note: You can click the legends provided in the Alert Timeline based on the Severity. Also, you can click and drag in the plot area to zoom in and view data.

Alerts

The Alerts section shows the alerts generated during a particular time period in tabular format. The following figure displays the Alerts section.

AleAleSec.png

The following table lists the various columns in the Alerts section and their description.

Column          Description
Name            The name used to identify the alert.
Count           The number of times the alert occurred.
Severity        The severity level of the alert.
Last Detected   The last time the alert was detected.

By clicking an alert, you can view details on that alert. You can also export the logs related to each event in the alert.

Alerts by Severity

The Alerts by Severity section shows a chart representation of the alerts based on the severity level. The following figure displays the Alerts by Severity section.

AleSev.png

By clicking in the chart, you can view details on the alerts generated.
