Reporting: View Alerts Panel

Document created by RSA Information Design and Development on Nov 23, 2016. Last modified by RSA Information Design and Development on Feb 10, 2017.
Version 5

This topic describes the features of the View Alerts panel. The View Alerts panel allows you to view alerts triggered by the Reporting module and investigate any alert in the Investigation module. Only your alerts (the alerts for which you have view permission) are listed in a table. You can customize the view to show alerts for a specific period of time, and set the maximum number of alerts displayed on a single page. The procedures associated with this panel are provided under View an Alert List.

To access the dialog:

  1. In the Security Analytics menu, select Reports.
    The Manage tab is displayed.
  2. Click Alert.
    The Alert view is displayed. 
  3. Click .

The following figure shows the different panels on the View Alerts panel.

Features

The View Alerts panel has the following features:

  • View Alerts toolbar
  • View Alerts list

View Alerts Toolbar

The View Alerts toolbar allows you to filter alerts based on a count, or the start and end date of the alerts.
The following table lists the operations in the View Alerts toolbar.

           
| Option | Description |
|---|---|
| Last Hour(s) data | The data fetched from the previous execution. |
| Max No Of Alerts | The maximum number of alerts that you want to display in a single page. |

View Alerts List

The View Alerts List lists all the filtered alerts in a tabular format. The following table lists the columns in the View Alerts List panel.

                    
| Column | Description |
|---|---|
| Investigation icon | Investigates the alert. Clicking the button opens the Investigation module, where the details of the first session that registered the match for the given alert are displayed for immediate analysis. Note: You are not redirected to the Investigation module when: (1) you reconfigure a data source for an existing alert and run an alert on the new data source; (2) you enter a hostname instead of an IP address in the data source field. |
| Name | Indicates the name of the alert that registered the match. The hyperlink on the name opens the Investigation module to view all matches for that particular alert for the hour surrounding the registered alert. |
| Number of hits | Indicates the number of times the alert is fired. |
| Detected | Indicates the date and time at which the alert fired. |
| Message | Indicates the alert message. |