.png?sv=2022-11-02&spr=https&st=2024-07-27T03%3A19%3A47Z&se=2024-07-27T03%3A29%3A47Z&sr=c&sp=r&sig=z2qeGq%2BFIa7hrCpE4xtL4SFXl9nd9VPvJqThMgqne74%3D){kind=logo}
Viewing Findings Rule Information
- 19 May 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Viewing Findings Rule Information
- Updated on 19 May 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
You can click any rule in the Rules Manager table to open its Rule drawer and view its configuration, and if it has generated alerts (in table, Alert Count not 0), view its alert history.
Viewing the Findings Rule Configuration
To view the rule configuration
- In the Rules Manager table, click a rule.
In the Rule drawer that opens, in the Rule Configuration tab, you can view the rule status (Activated/Deactivated), rule configuration, the Trigger Condition, Scheduling, Mute Conditions (if configured), and External Notification (if configured). Learn more about these parameters in the section that describes how to create a new Findings rule.
Viewing the Findings Rule Alerts History
From the Rules Manager table, you can click a specific rule to open its Rule drawer, and click the Alerts History tab to open the list of alerts since the last time the rule triggered an alert with notification (i.e., was unmuted).
Note:
If the rule has not yet run, the Alerts History tab displays the message: "No alert history for this rule".
During the time that notification of a rule is muted, alerts are created but notification is not sent. When the first alert is created with notification not muted (top row in the Alerts section), all the alerts that were triggered while notifications were muted are written to the Alerts section under this alert.
You can also navigate to the Alert drawer of any alert in the Alerts section.
The Alerts History tab includes the following information:
Triggering Rule Information (same as in the Rules Manager table)
- Severity - The severity of the rule that triggered the alerts.
- Last Triggered - The latest date and time (UTC) that the rule ran the trigger condition and triggered the alert. (Equivalent to Last Notified in the Rules Manager table.)
- Check and Notify - The frequency that the rule runs.
- Alert Count - The number of times the rule triggered an alert since the last time it triggered an alert and notified. This count includes the current alert and the muted alerts (without notification) since the last notification. It is the sum of all Alerts Count in the Alerts table.
- Activity Status - The status of the triggering rule.
Alerts - A section listing the unmuted alerts that have been triggered by this rule. The top row is the current alert, and the rows below it are previous unmuted alerts, from the most recent to the earliest. You can click any alert in this section to open its Alert drawer. The table in the Alerts section shows the following information:
- Alert ID - The ID number of the alert. This number is assigned by the system in sequential order.
- Date Time - The date and time that the rule triggered the alert.
- Alerts Count - The number of times the rule triggered alerts at the specified date and time.
- Status - The status of the alert. Available statuses: Unseen, Open, In Progress, Closed, Canceled. When you open an Unseen alert from this table, the status of the alert changes to Open in the Alerts table.
Viewing Triggered Alert Information
You can open the Alert drawer of any alert that was triggered by a specific rule to view its detailed information.
To view information on an alert triggered by the rule
- In the Alerts History of a rule, in the Alerts section, click an alert. Its Alert drawer opens.
Was this article helpful?