RSA Admin

Managing Alerts

Discussion created by RSA Admin Employee on Oct 24, 2011
Latest reply on Oct 25, 2011 by RSA Admin
In relative terms, we have a fairly small number of servers sending events to our Envision appliance. I have created a few alerts for events I'm interested in. If something causes a burst of events to cause alerts (or if I misconfigure an alert when I'm developing it), I'm told by support I have to change their status from "New Alert" to "Under Investigation" one by one, as there is no other way to do this in bulk. Does anyone else have this same issue, or am I missing something. I can't imagine dealing with alerts in a large enterprise this way. Thanks!

Outcomes