Viewing Alert Information
  • 21 Mar 2024

Article Summary

The Source column in the Alerts table shows where each alert originated: the Findings Center or the Enforcement Center.
Click an alert row to open the alert's detailed information, pivot to the assets or enforcement run behind it, and attempt to fix the issue that caused the alert.

Viewing a Findings Center Alert

From the Alerts page, you can view the detailed information of an alert.

To view alert details

  • On the Alerts page, click an alert whose Source is Findings Center (the alerts listed here are unmuted alerts that you were notified about). The Alert drawer opens with all of the alert's detailed information.

The Alert drawer includes the following:

  • Alert overview - The top row of the Alert drawer. Displays all the information from the selected alert's row in the Alerts table, plus Alert Count: the number of times the rule triggered since the last alert with notification. This count includes the current alert and every muted alert (triggered without notification) since that last notification.

  • Trigger Condition - The configuration of the condition in the rule that triggered this alert.

  • Alerts - A table listing the alerts triggered since the last alert with notification. The top row is the current alert (unmuted, with notification); the rows below it are the muted alerts, ordered from the most recent to the earliest. This table shows the following information:

    • Alert ID - The ID number of the alert, assigned by the system in sequential order. For muted alerts, a Mute icon appears after the ID number.

    • Count - For a Simple query threshold trigger condition only. Displays the number of assets that met the condition and created the alert. From the top row (the current alert, with notification) you can pivot to the list of those assets.

    • Count 1, Count 2 - For Query comparison and Query change over time trigger conditions. Displays, under the Count 1 and Count 2 columns, the two asset counts that were compared in the condition that created the alert.

    • Date - The date and time of the triggered alert.

  • Link to the Findings Center rule that triggered this alert - in the Alert drawer header.

To view the source of a Findings Center alert

  1. In the Alerts table, click an alert with Source = Findings Center. The Alert drawer opens.
  2. Pivot to the alert assets.
  3. Open the rule that triggered this alert.
  4. Attempt to fix the issue that caused the alert.
  5. Manually update the status of the alert, as relevant.

Viewing Alert Assets

The Alerts section shows all the alerts triggered by the rule (including muted alerts), with the most recent one at the top of the list. From the most recent alert, you can pivot to the list of assets that crossed the threshold and therefore created the alert. The Assets page opens in a new tab, listing the complete set of assets related to the alert as of the date and time the alert was triggered.
This list of assets is based on a historical snapshot taken at the time of the alert, not on the current state of the system.
[Figure: Assets page opened from an alert; the Display by Date field is highlighted]

Note:
  • The pivot relies on the historical snapshot taken when the alert fired, so verify that Historical Snapshot Retention Settings are enabled.
  • The assets list shows the assets that triggered the alert at the time of the alert (from that historical snapshot). Because assets are constantly added, deleted, and correlated over time, some assets in the original list may no longer exist in the system. To view a current, up-to-date asset list instead, change the date to the current date in the Display by Date field (highlighted in the figure above).

To pivot to alert assets

  • In the Alert drawer, under the Alerts section, click the number of assets in the top row of the column that applies to the rule's trigger condition:
    • Count column: For alerts triggered by a rule configured with the Simple query threshold trigger condition.
    • Count 1 column: For alerts triggered by a rule configured with the Query comparison or Query change over time trigger conditions. The Count 2 column is displayed for these conditions but is not a link, so you cannot pivot from it.
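The Alert Count rule in the overview row, the ordering of the Alerts table, which column is clickable, and the snapshot caveat above are easy to misread. The following added example (illustrative code written for this page, not the product's own code) models those semantics for one rule. It assumes a constructed, chronological list of trigger records, each carrying an alert ID, the time it fired, whether it was notified (unmuted) or muted, the count(s) the rule evaluated, and the historical snapshot of matching asset IDs taken when it fired; all names and sample data are invented for the example.

```python
"""Illustrative model of the Alert drawer semantics (added example, not product code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Trigger:
    alert_id: int
    fired_at: datetime
    notified: bool                   # True = unmuted alert the user was notified about
    count: Optional[int] = None      # Simple query threshold: assets matching the query
    count1: Optional[int] = None     # Query comparison / change over time: first count
    count2: Optional[int] = None     # ... second count
    snapshot: tuple = ()             # asset IDs matching at fired_at (historical snapshot)


def alert_window(triggers, current_id):
    """Rows of the drawer's Alerts table for the notified alert `current_id`:
    the current alert on top, then the muted triggers fired since the previous
    notified alert, most recent first."""
    ordered = sorted(triggers, key=lambda t: t.fired_at)
    idx = next(i for i, t in enumerate(ordered) if t.alert_id == current_id)
    current = ordered[idx]
    if not current.notified:
        raise ValueError("the drawer is opened from a notified (unmuted) alert")
    window = [current]
    for earlier in reversed(ordered[:idx]):
        if earlier.notified:         # the previous notification closes the window
            break
        window.append(earlier)
    return window


def alert_count(triggers, current_id):
    """Alert Count shown in the overview row: the current alert plus the muted
    alerts since the last notification."""
    return len(alert_window(triggers, current_id))


def pivot_column(trigger):
    """Column whose number links to the asset list: Count for a Simple query
    threshold, Count 1 for Query comparison / change over time. Count 2 is
    never a link."""
    if trigger.count is not None:
        return "Count"
    if trigger.count1 is not None:
        return "Count 1"
    return None


def can_pivot(window, trigger, column):
    """The pivot is offered only from the top (current) row and only from the
    pivotable column."""
    return trigger is window[0] and column == pivot_column(trigger)


def missing_from_inventory(trigger, current_inventory):
    """Snapshot assets that no longer exist in the system: they appear in the
    historical list but drop out when Display by Date is set to today."""
    return [a for a in trigger.snapshot if a not in current_inventory]


# Constructed sample data: one rule firing hourly, notifications at 09:00 and 12:00.
T0 = datetime(2024, 3, 18, 9, 0)
TRIGGERS = [
    Trigger(101, T0, True, count=12, snapshot=("a1", "a2", "a3")),
    Trigger(102, T0 + timedelta(hours=1), False, count=13, snapshot=("a1", "a2", "a3", "a4")),
    Trigger(103, T0 + timedelta(hours=2), False, count=15, snapshot=("a1", "a2", "a3", "a4", "a6")),
    Trigger(104, T0 + timedelta(hours=3), True, count=14, snapshot=("a1", "a3", "a4", "a6")),
]
COMPARISON = Trigger(201, T0, True, count1=40, count2=35, snapshot=("b1", "b2"))
CURRENT_INVENTORY = {"a1", "a3", "a5"}   # a4 and a6 were deleted or correlated away later

if __name__ == "__main__":
    window = alert_window(TRIGGERS, 104)
    print("Alert Count:", alert_count(TRIGGERS, 104))
    for row in window:
        mark = "" if row.notified else " (muted)"
        print(f"  {row.alert_id}{mark}  Count={row.count}  {row.fired_at:%Y-%m-%d %H:%M}")
    print("Pivot from top row:", can_pivot(window, window[0], "Count"))
    print("Snapshot assets missing today:", missing_from_inventory(window[0], CURRENT_INVENTORY))
```

Opening the drawer from alert 104 yields three rows (104, then muted 103 and 102) and an Alert Count of 3, while alert 101, which had no muted triggers before it, has a count of 1. The pivot is available only from the top row, and for a comparison-type rule only from Count 1; the snapshot for alert 104 still lists a4 and a6 even though they are gone from the current inventory, which is exactly why the asset list is labelled historical.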

Opening the Triggering Rule

From the Alert drawer, you can open the configuration of the rule that triggered the alert. You can update the rule configuration, if required.

To open the triggering rule

  1. In the header of the Alert drawer, click the Go to Findings Rule icon. The Findings rule that triggered this alert opens.
  2. Update the rule configuration, if required.

Viewing an Enforcement Center Alert

You can view system alerts sent from the Enforcement Center.


To view the source of an Enforcement Center alert

  1. In the Alerts table, click an alert with Source = Enforcement Center. The Run drawer of the Run History screen opens, showing the results of the enforcement run that raised the alert. From the Run History drawer you can go to the affected assets.
  2. Attempt to fix the cause of the alert.
  3. Manually update the status of the alert, as relevant.
