Reporting: Alert Overview

Document created by RSA Information Design and Development on May 2, 2016
Version 1

This topic briefly describes alerts. An alert is a rule that you can schedule to run on a continuous basis and log its findings to different alerting outputs, including the Reporting > Manage > Alerts module, Record, SMTP, SNMP, and Syslog. You can create an alert from any rule that exists in Security Analytics, provided that rule has a unique where clause. After you create an alert, you can add it to the alert queue. Once an alert is in the queue, it runs every minute (by default).

                    
An alert consists of the following:

| Property | Description | Example |
| Name | Used to identify the alert. Clicking the alert name displays the rule on which this alert is based in the Define Rules panel. | Alert1 |
| Description | Used to describe the alert. | Template messages |

Note: For the Name field, the icon to extend the column size is not displayed at the end of the column field. You have to hover the mouse a little to the left side to see the icon for extending the column.

Note: In the Reporting user interface, wherever Date and Time, or an input entered for this field, is displayed, it always follows the user-selected time zone profile.

By default, Reporting Engine displays all the repeated values for a meta key. If you do not want the meta values to repeat in the Alert Output, enable the "removeRepeatedMetaValue" option by navigating to "Configuration AlertConfiguration", available for the Reporting Engine in the Services Configuration > Explore view. For example, in an HTTP Session the value for action is displayed as get, get, put, put, post, get. When this option is enabled, the value is displayed as get, put, post.
