This topic tells administrators how to specify when the counter for matched alerts resets to zero.
These columns provide the following information for a rule:
- Last Matched column shows the time when the rule last matched alerts.
- Matched Alerts column displays the number of matched alerts for the rule.
- Incidents column displays the number of incidents created by the rule.
By default, these values reset to zero every 7 days. Depending on how long you want the counts to continue, you can change the default number of days.
Note: When the counter resets to zero, only the numbers in the three columns change to zero. No alerts or incidents get deleted.
To set a counter for matched alerts and incidents:
- In the Security Analytics menu, select Administration > Services.
- Select an Incident Management service, then select View > Explore.
- In the Explore view on the left, select Service > Configuration > ruleEngine.
- In the right panel, type the number of days in the CounterResetInDays field.
- Restart the service for the new setting to take effect: