Alerting: View a Summary of Alerts

Document created by RSA Information Design and Development on Oct 23, 2017
Version 1Show Document
  • Comment0
  • View in full screen mode
  

This topic describes how to view a summary of alerts. You can see a consolidated view of alerts generated in a specified time range.

Procedure

To view a summary of alerts:

  1. In the Security Analytics menu, select Alerts > Summary.

    If there is a default ESA service, the Summary view is displayed with the information for that service.

    AleSumVw2.png

    If no default service has been selected, the Select an ESA Service dialog is displayed.

  2. In the Select an ESA Service dialog, select a service and click Select.
    The Summary view is displayed.
  3. To choose a new service to view:
    1. Click ic-serv.png.
      The Select an ESA Service dialog is displayed.
    2. Select a service from the list and click Select.
      The Summary view is displayed with the information for the chosen service.
  4. To choose the timeframe of the summary, open the Time Range drop-down menu and select a time range.
    The Start Time and End Time fields reflect the new range.
  5. To choose the timeline, open the Unit drop-down menu and select a unit of time.
  6. To refresh the information in the Summary view, click ic-refresh2.png.
  7. To view alerts in a list, click ic-VwAlerts.png.
  8. In the list view, you can see more details about each alert.

alert summary

  • Date-- date the alert was generated.
  • Name--name of the alert.
  • Severity-- severity of the alert. (low, medium, or high).
  • # of Events-- the number of events associated with the alert.
  • Alert ID-- unique ID for each alert.
  • Statement - dynamically generated statement name.

Also, you can view a detailed summary of each alert generated by clicking an alert. The following figure shows more details about the alert generated.

detailed alert summary

  • Description - description of the alert.
  • Statement - dynamically generated statement name.
  • Time - time the alert was generated as per the timezone set on Security Analytics UI.
  • Severity - severity of the alert (low, medium, high).
  • Date- date the event was executed .
  • ID- event ID.
  • Raw Content - detailed information of the event.

For more information, see Alerts Summary View.

You are here
Table of Contents > View ESA Stats and Alerts > View a Summary of Alerts

Attachments

    Outcomes