Reporting: Investigate an Alert View

Document created by RSA Information Design and Development on Sep 14, 2017Last modified by RSA Information Design and Development on Oct 15, 2017
Version 9Show Document
  • View in full screen mode

In the Investigate an Alert view, you can view and investigate alert details. When investigating an alert, you can open the sessions in the Investigation module for further investigation.

Workflow

investigate  alert workflow

What do you want to do?

                                           
RoleI want to...Documentation

Administrator/ Analyst

Configure Reporting Engine

Configure Reporting Engine

Administrator/ Analyst

Configure an alert

Configure an Alert

Administrator/ Analyst

Schedule an alertSchedule an Alert

Administrator/ Analyst

View an alert

View an Alert

Administrator/ AnalystInvestigate an alert*Investigate an Alert
Administrator/ AnalystManage an alert and alert templateManage an Alert and Alert Template

*You can complete these tasks here.

Related Topics

Alerting Overview

Configure an Alert

Schedule an Alert

View an Alert

Quick View

The following figure is an example with the important features labeled.

view alerts tab

The View an Alert view has the following panels:

  • View Alerts Toolbar
  • View Alerts List

View Alerts List

The following table lists the columns in the View Alerts List panel.

                             
ColumnDescription

The icon that opens the Investigation module, where the details of the first session that registered the match for the given alert is displayed for immediate analysis.

Note: You are not redirected to the Investigation module when:
-You reconfigure a data source for an existing alert and run an alert on the new data source.
-You enter a host name instead of an IP address in the data source field.

NameThe name of the alert that registered the match. The hyperlink on the name opens the Investigation module to view all matches for that particular alert for the hour surrounding the registered alert. 
Number of hitsThe number of times the alert is generated.
DetectedThe date and time at which the alert generates.
MessageThe alert message.
You are here
Table of Contents > Alerting References > Investigate an Alert View

Attachments

    Outcomes