.png?sv=2019-07-07&sig=YP%2B17AKFniF17CIJ89cBhdolAEI7i5ylS36lMCrwnCo%3D&spr=https%2Chttp&st=2023-11-30T03%3A39%3A54Z&se=2023-11-30T03%3A49%3A54Z&srt=o&ss=b&sp=r){kind=logo}
Viewing Alerts
- 18 Sep 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Viewing Alerts
- Updated on 18 Sep 2023
- 3 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
To view the Alerts triggered in the system
- In the left navigation panel, click the Findings icon
OR - On the top right corner of any screen in the system, click the Alerts bell
. The number of unseen alerts is displayed above the bell.
. The number of unseen alerts is displayed above the bell.
Alerts Table
The Alerts page presents in a table all alerts that you have been notified about (i.e., unmuted), sorted by date, from the newest to the oldest.
The Alerts table provides the following information:
| Field | Description |
|---|---|
| Alert ID | ID number of the alert. Note: Each time there is an alert in the system, it is assigned an ID number in sequential order. |
| Rule Name | The name of the rule that triggered the alert. |
| Severity | The alert severity. The severity of a Findings alert is equivalent to the severity of the rule that triggered it. The severity of alerts from other sources is fixed per source and is not user configurable. Available options are: Informational, Low, Medium, High, Critical |
| Message | The system message that notified about the alert. Hovering over the tooltip displays a detailed description of the alert. |
| Date and Time | The timestamp in UTC time that the alert was triggered. |
| Check and Notify | The frequency that the rule checks the entity. |
| Source | The source of the alert (for example, Findings Center, Adapter Connection, Enforcement Center, Settings). Learn more about the various alert sources. |
| Status | The status of the alert. Available statuses: Unseen, Open, In Progress, Closed, Canceled |
Changing the Order Columns are Displayed
You can change the order of columns displayed in the table.
Drag and drop columns on the table to arrange them in the order that you want. The changes are only for the current session.
Searching and Filtering
You can filter the alerts that are displayed.
The following filters are available:
| Filter | Description |
|---|---|
| Search Findings | Search for Alert IDs or Rule Names containing the search text. |
| Severity | Display alerts of specific severities. |
| Finding Rule Name | Display alerts triggered by specific rules (Rule Name column). |
| Source | Display alerts from specific sources. |
| Status | Display alerts of specific statuses. |
| From - To | Display alerts that occurred in a specified period of time. See Filtering by Date below to learn how to choose the date range. |
Note:
- The filters only show those options that appear in the Alerts table.
- If you want to filter by many options, you can click Select All to select all options, and then click those options that you want to deselect.
Filtering by Date
You can filter alerts for a specific date and time range.
To filter by date and time range
- Click From - To. The calendar pages for the previous and current months open. The current date is selected by default in the To calendar page.
In the From and To calendar pages, click the start and end dates of the date range, respectively.
- Use the arrows in the calendar header to open calendar pages of other months or years.
- To filter results for a specific date, select the same date in both calendar pages.
If you want to start or end at specific times in the date range, click Select Time, and in the Time picker that opens, select the time to start on the From date and the time to end on the To date.
Click OK to set the filter.
Total Results
The total number of Alerts found for the search criteria is displayed on the top left side of the Alerts table just under the Filter bar. If no filter criteria are selected, Total represents all the Alerts that occurred.
Resetting Filters and Searches
You can clear a specific filter or reset all filters.
- Click Clear All to clear all selections in a specific filter.
- Click Reset from the top right of the Alerts page to clear all filters, and display all the alerts.
Sorting
You can sort the Alerts table by any column.
To sort the table
Hover over a column header. A small arrow appears. The up arrow indicates that the column is sorted from low to high. The down arrow indicates sorting from high to low. Sorting columns alphabetically is case insensitive.
Click the small arrow to set the sort order.
Alerts Retention
The Alerts page always displays the last 100,000 alerts.
Was this article helpful?