This topic provides a brief description of an alert. An alert is a rule that you can schedule to run continuously and whose findings are logged to one or more alerting outputs: the Reporting > Manage > Alerts module, Record, SMTP, SNMP, and Syslog. You can create an alert from any rule that exists in Security Analytics, provided the rule has a unique where clause. After you create an alert, you can add it to the alert queue; once queued, the alert runs every minute (by default).
An alert consists of the following:
Note: In the Reporting user interface, wherever Date and Time (or an input entered for this field) are displayed, they always follow the time zone profile selected by the user. By default, the Reporting Engine displays all repeated values for a meta key. If you do not want meta values to repeat in the alert output, enable the "removeRepeatedMetaValue" option under "Configuration > AlertConfiguration" for the Reporting Engine in the Services Configuration > Explore view. For example, in an HTTP session the value for action is displayed as get, get, put, put, post, get. When this option is enabled, the value is displayed as get, put, post.
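The example in the note shows that "removeRepeatedMetaValue" keeps the first occurrence of each distinct value and drops every later repeat, including the trailing get that is not adjacent to the earlier ones. The following Python snippet is an added illustration of that behaviour, written for this page; it is not Reporting Engine code, and the function names, the dictionary layout of session meta and the "service" values in the sample are assumptions chosen for the demonstration.

```python
# Added illustration of the removeRepeatedMetaValue behaviour described in the note.
# Not Reporting Engine code: function names and the session layout are assumptions.

def collapse_repeated_meta(meta_values, remove_repeated):
    """Return the values shown for one meta key in an alert output.

    remove_repeated=False keeps every occurrence (the default behaviour).
    remove_repeated=True keeps each distinct value once, at the position of
    its first occurrence. A value that recurs later in the session (the
    trailing "get" in the sample) is dropped too, so this is a global
    de-duplication, not a collapse of adjacent runs only.
    """
    if not remove_repeated:
        return list(meta_values)
    seen = set()
    unique = []
    for value in meta_values:
        if value not in seen:
            seen.add(value)
            unique.append(value)
    return unique


def format_alert_output(session_meta, remove_repeated):
    """Render a session's meta (key -> list of values, in session order)
    as the comma-separated strings an alert output would display."""
    return {
        key: ", ".join(collapse_repeated_meta(values, remove_repeated))
        for key, values in session_meta.items()
    }


# Constructed sample: the HTTP session from the note (action values in
# session order), plus a second key with a single repeated value.
HTTP_SESSION = {
    "action": ["get", "get", "put", "put", "post", "get"],
    "service": ["80", "80", "80", "80", "80", "80"],
}

if __name__ == "__main__":
    # Default: {'action': 'get, get, put, put, post, get', 'service': '80, 80, 80, 80, 80, 80'}
    print(format_alert_output(HTTP_SESSION, remove_repeated=False))
    # Option enabled: {'action': 'get, put, post', 'service': '80'}
    print(format_alert_output(HTTP_SESSION, remove_repeated=True))
```

When checking whether the option is in effect on a live system, compare the action values of a session that repeats a verb non-adjacently: if the repeat survives, the setting is still at its default.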