Reporting: View Alerts Panel

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

The View Alerts panel allows you to customize the view of your alerts. The procedures associated with this panel are provided under View an Alert List

Features

The View Alerts Panel has the following features:

  • View Alerts toolbar
  • View Alerts List panel

The following figure shows the different panels on the View Alerts panel.

104_view_alerts_page.png

View Alerts Toolbar

The View Alerts toolbar allows you to filter alerts based on a count, or the start and end date of the alerts.
The following table lists the operations in View Alerts toolbar.

             
OperationDescription
Last Hour(s) dataThe data fetched from the previous execution.
Max No Of AlertsThe maximum number of alerts that you want to display.

View Alerts List

The View Alerts List  lists all the filtered alerts in a tabular format. The following table lists the columns in the View Alerts List panel.

                      
ColumnDescription
investigation_icon.pngInvestigates the alert. Clicking the button opens the Investigation module, where the details of the first session that registered the match for the given alert is displayed for immediate analysis. 

Note: You are not redirected to the Investigation module, when:
-You reconfigure a data source for an existing alert and run an alert on the new data source.
-You enter a hostname instead of an IP address in the data source field.

NameIndicates the name of the alert that registered the match. The hyperlink on the name opens the Investigation module to view all matches for that particular alert for the hour surrounding the registered alert. 
Number of hitsIndicates the number of times the alert is fired.
DetectedIndicates the the date and time at which the alert fired.
MessageIndicates the alert message.
You are here: Reporting Module References > Alert References > View Alerts Panel

Attachments

    Outcomes