Respond Config: Set Counter for Matched Alerts and Incidents

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Oct 6, 2017
Version 8Show Document
  • View in full screen mode
 

This procedure is optional. Administrators can use it to change when the count for matched alerts is reset to 0. The Aggregation Rules tab displays these counts in columns on the right.

Aggregation Rules Tab

These columns provide the following information for a rule: 

  • Last Matched column shows the time when the rule last matched alerts.
  • Matched Alerts column displays the number of matched alerts for the rule.
  • Incidents column displays the number of incidents created by the rule.

By default, these values reset to zero every 7 days. Depending on how long you want the counts to continue, you can change the default number of days.

Note: When the counter resets to zero, only the numbers in the three columns change to zero. No alerts or incidents get deleted.

To set a counter for matched alerts and incidents:

  1. Go to ADMIN > Services, select the Respond Server service and select Actions icon > View > Explore.
  2. In the Explore view node list, select respond/alertrule.
    Respond Server Explore view showing respond/alertrule and counter-reset-interval-days
  3. In the right panel, type the number of days in the counter-reset-interval-days field.
  4. Restart the Respond Server service for the new setting to take effect. To do this, go to ADMIN > Services, select the Respond Server service, and select Actions icon > Restart.

You are here
Table of Contents > Additional Procedures for Respond Configuration > Set Counter for Matched Alerts and Incidents

Attachments

    Outcomes