In the RESPOND view, you can browse through various alerts from multiple sources. You can filter the alerts list to show only alerts of interest, such as by Alert Name, alert source, and a specific time range.
- In the Filters panel on the left, you can filter the alerts list to view specific alerts for a specific time frame. For example, in the ALERT NAMES section, you can select an alert for an ESA rule, such as ESA Rule - Source IP, and leave the TIME FRAME set to Last Hour.
The alerts list to the right shows a list of alerts that match your filter selection along with a count of the alerts at the bottom of the alerts list.
The alerts list shows information about each of the alerts.
- Created: Displays the date and time when the alert was created in the source system.
- Severity: Displays the level of severity of the alert. The values are from 1 to 100.
- Name: Displays a basic description of the alert.
- Source: Displays the original source of the alert.
- # of Events: Indicates the number of events contained within an alert.
- Host Summary: Displays details of the host, like the host name from where the alert was triggered.
- Incident ID: Shows the incident ID of the alert. If there is no incident ID, the alert does not belong to an incident.
- You can click on an alert in the list to open an Overview panel on the right where you can view raw alert metadata.
For more information about filtering alerts and viewing alert details, see the NetWitness Respond User Guide.