The Create/Modify Alert view allows you to add, manage, and edit Alerts. Related procedures are provided in Working with Alerts in the Reporting Module.
To access the Create/Modify Alert view:
- In the Security Analytics menu, click Administration > Reports.
The Manage tab is displayed.
- Click Alerts.
The Alert view is displayed.
- In the Alert toolbar, click .
The following figure is an example of the Create/Modify Alert view.
The Create or Modify Alert view includes the following sections:
- Alert Definition section
- Alert Description section
- Alert Notification section
Alert Definition Section
The Alert Definition section allows you to select an alert rule and data sources, push the event to the decoder or log decoder, and enable or disable the alert.
The following table describes the fields in the Alert Definition section:
Alert Notification Section
The Alert Notification section allows you to define the notification action Security Analytics takes when an alert fires, such as recording the alert or sending it using one of the defined output actions. The output actions are Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), or Syslog message.
When you create an alert, the Notification section shows the Record tab by default. The icon beside the Record tab allows you to select, from a drop-down list, the notification type for the output that you want to specify for this alert: SMTP, SNMP, or Syslog.
Depending on the notification type selected, the Notification section is populated with predefined text containing variables that add meta appropriate to the alert. In the Reporting Engine, these variables are replaced with actual values. The following table lists the variables and their descriptions.
The Alert Notification section has four tabs:
The following table lists the fields in the Record tab and their descriptions.
The following table lists the fields in the SMTP tab and their descriptions.
Alert Description Section
The following table describes the fields in the Alert Description section.