The Alerts Summary view provides a consolidated view of all alerts generated in a selected time range. You can specify a time range and view the alerts as graphs, charts, or a table. For example, to see how many low, medium, and high severity alerts were generated in a time range, a chart gives the clearest picture. You can also view the number of alerts generated per minute, hour, or day.
Drilling down further, the view also provides the event metadata and event details for each alert generated.
Note: In the User Interface (UI), the date or time displayed depends on the time zone profile selected by the user.
In Security Analytics, the Alerts Summary view is displayed when you navigate to Alerts > Summary and select an ESA service.
The following figure shows the various components of the Alerts Summary view.
The Alerts Summary view consists of the following sections:
- Alerts Summary
- Alert Timeline
- Alerts
- Alerts by Severity
The Alerts Summary section displays the time period in which alerts are generated. The following figure displays the Alerts Summary section.
On the top left part of the section, the ESA service selected is displayed. You can select a time period based on which you want alerts to be displayed. Some of the options available are displayed in the following figure.
Based on the time period that you select, the start time and end time are displayed in the section.
The Alert Timeline section shows a graphical representation of the alerts generated during a particular time period. The following figure displays the Alert Timeline section.
You can perform the following using the Alert Timeline section:
- View alerts generated during a particular minute, hour or day by selecting the option from the drop-down list of Unit.
- View details about each alert generated by clicking View Alerts.
- View the number of alerts generated, their severity level, and the time they were generated by hovering the mouse over a point on the graph.
Note: You can click the severity entries in the Alert Timeline legend. You can also click and drag in the plot area to zoom in on a range and view its data.
The Alerts section shows the alerts generated during a particular time period in tabular format. The following figure displays the Alerts section.
The following table lists the columns in the Alerts section and their descriptions.

| Column | Description |
|---|---|
| Name | The name used to identify the alert. |
| Count | The number of times the alert occurred. |
| Severity | The severity level of the alert. |
| Last Detected | The last time the alert was detected. |

You can view the details of each alert by clicking it, and export the logs related to each event in the alert.
Alerts by Severity
The Alerts by Severity section shows a chart representation of the alerts based on the severity level. The following figure displays the Alerts by Severity section.
You can view details on the alerts generated by clicking in the chart.
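To make concrete what the Alert Timeline, the Alerts table, and the Alerts by Severity chart compute, here is an added Python example; it is not code from the product or from this documentation. It takes constructed sample alert records (not real ESA output), restricts them to a time range, bins them per minute, hour, or day after converting to the viewer's time zone (a fixed +05:30 offset stands in for a time zone profile), builds the Name/Count/Severity/Last Detected rows, and counts alerts by severity. The record format, function names, and alert names are assumptions made for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample alerts, not real ESA output. Timestamps are UTC, ISO 8601.
SAMPLE_ALERTS = [
    {"name": "Multiple Failed Logins", "severity": "High",   "ts": "2024-05-01T12:00:10Z"},
    {"name": "Multiple Failed Logins", "severity": "High",   "ts": "2024-05-01T12:00:40Z"},
    {"name": "Multiple Failed Logins", "severity": "High",   "ts": "2024-05-01T12:03:05Z"},
    {"name": "Suspicious DNS Query",   "severity": "Medium", "ts": "2024-05-01T20:15:00Z"},
    {"name": "Outbound Beaconing",     "severity": "Low",    "ts": "2024-05-01T23:59:59Z"},
    {"name": "Suspicious DNS Query",   "severity": "Medium", "ts": "2024-05-02T03:30:00Z"},
    {"name": "New Admin Account",      "severity": "High",   "ts": "2024-04-30T08:00:00Z"},
]

UTC = timezone.utc
# Stand-in for a user's time zone profile (assumed). A fixed offset keeps the
# example offline; a real deployment would use a zoneinfo region with DST rules.
IST = timezone(timedelta(hours=5, minutes=30))


def parse_ts(s):
    """Parse an ISO 8601 timestamp; a trailing 'Z' means UTC."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def in_range(alerts, start_iso, end_iso):
    """Keep alerts whose timestamp falls in [start, end), the selected time period."""
    start, end = parse_ts(start_iso), parse_ts(end_iso)
    return [a for a in alerts if start <= parse_ts(a["ts"]) < end]


def bucket_start(dt, unit):
    """Truncate a timezone-aware datetime to the start of its minute, hour or day."""
    if unit == "minute":
        return dt.replace(second=0, microsecond=0)
    if unit == "hour":
        return dt.replace(minute=0, second=0, microsecond=0)
    if unit == "day":
        return dt.replace(hour=0, minute=0, second=0, microsecond=0)
    raise ValueError(f"unsupported unit: {unit}")


def timeline(alerts, unit, tz=UTC):
    """Alert Timeline data: {bucket start (ISO, in tz): {severity: count}}.

    Bucketing happens after converting to the viewer's time zone, so day
    boundaries move with the time zone profile, as the UI note describes.
    """
    buckets = defaultdict(Counter)
    for a in alerts:
        local = parse_ts(a["ts"]).astimezone(tz)
        buckets[bucket_start(local, unit).isoformat()][a["severity"]] += 1
    return {k: dict(buckets[k]) for k in sorted(buckets)}


def summary_table(alerts, tz=UTC):
    """Rows of the Alerts section: name, count, severity, last detected (in tz),
    most recently detected first."""
    rows = {}
    for a in alerts:
        ts = parse_ts(a["ts"])
        row = rows.setdefault((a["name"], a["severity"]),
                              {"name": a["name"], "severity": a["severity"],
                               "count": 0, "last_detected": ts})
        row["count"] += 1
        row["last_detected"] = max(row["last_detected"], ts)
    out = sorted(rows.values(), key=lambda r: r["last_detected"], reverse=True)
    for r in out:
        r["last_detected"] = r["last_detected"].astimezone(tz).isoformat()
    return out


def by_severity(alerts):
    """Alerts by Severity chart data: {severity: count}."""
    return dict(Counter(a["severity"] for a in alerts))


if __name__ == "__main__":
    selected = in_range(SAMPLE_ALERTS, "2024-05-01T00:00:00Z", "2024-05-03T00:00:00Z")
    print("by day (UTC):   ", timeline(selected, "day"))
    print("by day (+05:30):", timeline(selected, "day", IST))
    for row in summary_table(selected):
        print(f'{row["name"]:<24}{row["count"]:>3}  {row["severity"]:<7} {row["last_detected"]}')
    print("by severity:", by_severity(selected))
```

Running it shows the point behind the time zone note: the same six alerts fall into two different pairs of day buckets depending on the viewer's time zone, so when you compare counts from this view with another tool's report or an incident timeline, confirm both sides use the same time zone profile. The Count column likewise folds repeated firings of one rule into a single row, so a row with a high count and a recent Last Detected is the usual starting point for drilling down.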