.png?sv=2022-11-02&ss=b&srt=o&spr=https&st=2024-05-02T01%3A41%3A11Z&se=2024-05-02T01%3A51%3A11Z&sp=r&sig=GdxWgtl%2F%2FAk%2BCasRknQ76x8Yhse5lU%2FtDaur3eoq9Pg%3D){kind=logo}
Viewing Alerts
- 20 Mar 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Viewing Alerts
- Updated on 20 Mar 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
To view the Alerts triggered in the system
- In the left navigation panel, click the Findings icon
OR - On the top right corner of any screen in the system, click the Alerts bell
. The number of unseen alerts is displayed above the bell.
. The number of unseen alerts is displayed above the bell.
Alerts Table
The Alerts page presents in a table all alerts that you have been notified about (i.e., unmuted), sorted by date, from the newest to the oldest.
The Alerts table provides the following information:
| Field | Description |
|---|---|
| Status | The status of the alert. Available statuses: Unseen, Open, In Progress, Closed, Canceled Note: When you open an Unseen alert from the Alerts table or from Rules Manager> Rule drawer> Alerts History table, the alert status changes to Open. |
| Alert ID | ID number of the alert. Table is sortable by Alert ID. Note: Each time there is an alert in the system, it is assigned an ID number in sequential order. |
| Rule Name | The name of the rule that triggered the alert. |
| Severity | The alert severity. The severity of a Findings alert is equivalent to the severity of the rule that triggered it. The severity of alerts from other sources is fixed per source and is not user configurable. Available options are: Informational, Low, Medium, High, Critical |
| Message | The system message that notified about the alert. Hovering over the tooltip displays a detailed description of the alert. |
| Date and Time | The timestamp in UTC time that the alert was triggered. |
| Check and Notify | The frequency that the rule checks the entity. |
| Source | The source of the alert (for example, Findings Center, Enforcement Center). Learn more about the various alert sources. |
Searching and Filtering
You can filter the alerts that are displayed.
The following filters are available:
| Filter | Description |
|---|---|
| Search Findings | Search for Alert IDs or Rule Names containing the search text. |
| Severity | Display alerts of specific severities. |
| Finding Rule Name | Display alerts triggered by specific rules (Rule Name column). |
| Source | Display alerts from specific sources. |
| Status | Display alerts of specific statuses. |
| From - To | Display alerts that occurred in a specified period of time. See Filtering by Date below to learn how to choose the date range. |
Note:
- The filters only show those options that appear in the Alerts table.
- If you want to filter by many options, you can click Select All to select all options, and then click those options that you want to deselect.
Filtering by Date
You can filter alerts for a specific date and time range.
To filter by date and time range
- Click From - To. The calendar pages for the previous and current months open. The current date is selected by default in the To calendar page.
In the From and To calendar pages, click the start and end dates of the date range, respectively.
- Use the arrows in the calendar header to open calendar pages of other months or years.
- To filter results for a specific date, select the same date in both calendar pages.
If you want to start or end at specific times in the date range, click Select Time, and in the Time picker that opens, select the time to start on the From date and the time to end on the To date.
Click OK to set the filter.
Alerts Retention
The Alerts page always displays the latest 100,000 alerts.
Performing Actions on Alerts
Marking Alerts as Seen
Mark a single or bulk selection of Unseen alerts as seen using the Mark as seen action.
For general information about working with tables refer to Working with Tables.
Was this article helpful?