Incident Management: Delete Alerts

Document created by RSA Information Design and Development on May 10, 2016
Version 1Show Document
  • View in full screen mode
 
  

This procedure is helpful when there are unwanted or non-relevant alerts. Deleting these alerts frees up disk space.

Prerequisites

The Administrator role must be assigned to you.

Procedure

To delete alerts:

  1. In the Security Analytics menu, select Incidents > Alerts.
    The All Alerts view is displayed.
  2. If you want to delete certain alerts, select each alert.
  3. Click Icon-DeleteText.png.
    DelAlrtsDg.png
  4. Perform one of the following actions: 
  • Click Delete selected to delete previously selected alerts.
  • Select Delete by time range and choose the time range, then click Delete.

Note: When you delete by time range, you delete alerts up until the last hour.

  1. Click OK.
    A confirmation dialog is displayed.
    alert_delete_confirm.png
  2. Click OK to delete the alerts.

Result

Each selected alert is deleted. The following conditions apply:

  • If a deleted alert is the only alert in an incident, the incident is also deleted.
  • If the deleted alert is not the only alert in an incident, the incident is updated to reflect the deletion.
  • You can manually add an alert that was part of a deleted incident to a new or existing incident.
  • The rule engine will not automatically pick up any alert that was part of a deleted incident.
You are here: Review Alerts > Delete Alerts

Attachments

    Outcomes