This procedure is helpful when there are unwanted or non-relevant alerts. Deleting these alerts frees up disk space.
The Administrator role must be assigned to you.
To delete alerts:
- In the Security Analytics menu, select Incidents > Alerts.
The All Alerts view is displayed.
- If you want to delete certain alerts, select each alert.
- Click .
- Perform one of the following actions:
- Click Delete selected to delete previously selected alerts.
- Select Delete by time range and choose the time range, then click Delete.
Note: When you delete by time range, you delete alerts up until the last hour.
Each selected alert is deleted. The following conditions apply:
- If a deleted alert is the only alert in an incident, the incident is also deleted.
- If the deleted alert is not the only alert in an incident, the incident is updated to reflect the deletion.
- You can manually add an alert that was part of a deleted incident to a new or existing incident.
- The rule engine will not automatically pick up any alert that was part of a deleted incident.