Findings Alerts

The Alerts/Findings Assets page provides a centralized view of all alerts generated by Findings configured in the Findings Center. It shows all alerts based on a selected query (shown above the search bar) or all alerts, if no query is chosen. By presenting Alerts as standard Axonius assets, this page enhances your ability to track, monitor, and use alert data across the platform, including in the Enforcement Center, Workflows, and Dashboards.

Required Permissions

You need permissions for Alerts/Incidents assets and Findings, in order to view this page.

Opening the Alerts/Findings Assets

To open the Alerts/Findings assets page

• In the left navigation pane, click the Assets icon.

• From the left-pane, expand Alerts & Incidents, and select Alerts/Findings.

  

For each Finding Alert, the query results table displays multiple columns.

You can set the columns displayed on the page, and freeze specific columns so that they are not scrolled. Refer to Setting Page Columns Display.

Alert Fields

There are many fields that you can view and query on the Alerts/Findings page. This includes the following fields:

• Alert ID - ID number of the alert.

• Finding Description - Description of the Finding.

• Trigger Date - Timestamp in UTC that the Finding triggered the alert.

• Related Assets: Entity ID - Complex field that shows assets which triggered the alert.

  • This field displays the IDs of the assets related to the Findings Alert.
  • Click an ID to open its asset profile page. For example, if the related asset is of type User, clicking it opens the user's asset profile page.

• Status - Status of the alert. Available statuses: Open, In Progress, Closed, Canceled.

• Finding Name - Name of the Finding.

• Finding Severity - Severity of the Finding. Available options are: Informational, Low, Medium, High, Critical. The severity of an alert is equivalent to the severity of the Finding that triggered it.

• Finding Check and Notify - The schedule according to which the Finding is configured to check the entity.

• Finding Asset Type - The type of asset being checked by the Finding. For example, Devices, Application Settings, Adapters Fetch History,Tickets, Users, Groups.

• Source - The source of the alert, i.e., Findings Center.

• Tags - Tags associated with the Finding.

Performing Actions on Finding Alerts

For single alert actions, hover over the alert and click an action at the end of its row. For bulk actions, select multiple alerts and choose an action from the top of the page. Refer to Asset Actions for details.

The structure of the Findings Alerts page and navigating it are similar to all the Assets pages. For more details on the different elements and the navigation in the Findings Alerts page, see Assets page.

Creating Queries

Use Queries to gain deeper insights into your Findings alerts. Create granular queries with various filters to easily drill down to Findings alerts that match your required search criteria. You can create queries using:

• Query Wizard (default) - Build queries using the Query Wizard, or in the query bar, select a saved query or write your own.

• Basic mode - Create queries by selecting filters.

Both modes allow you to create unique sets of queries tailored to your needs.

Learn more about creating Queries using the Query Wizard and Basic mode.

Viewing a Finding Alert Asset Profile

Click an individual asset row in Alerts/Findings to see all its relevant data. To learn more, see Asset Profile page.

• In the Findings Alert asset profile page, the Related Assets field displays the information of the first asset related to the Findings Alert (Asset Name, Entity ID, and Asset Type), followed by + and the number of additional related assets. Hover over the number to display the information on the top 10 additional assets.
• To view the Related Assets complex field: In the left pane, under Tables, click Related Assets. Alterntely, click the Related Assets link in the Asset Profile.
  • Learn more about the Related Assets complex field.