Viewing Alert Information
  • 18 Jan 2024
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Viewing Alert Information

  • Dark
    Light
  • PDF

Article Summary

The Source column in the Alerts table displays the source of the alert.
You can click an alert row to view the alert's detailed information and attempt to fix the issue that caused the alert.

Viewing a Findings Center Alert

From the Alerts page, you can view the detailed information of an alert.

To view alert details

  • In the Alerts tab of the Findings Center, click an alert (i.e., an unmuted alert that you have been notified about) originating from the Findings Center to open its Alert drawer with all its detailed information.

The Alert drawer includes the following:

  • Alert overview - The top row of the Alerts drawer. Displays all the information from the row of the selected alert from the Alerts table, as well as Alert Count - the number of times the alert was triggered since the last alert with notification was triggered. This count includes the current alert and the muted alerts (without notification) since the last notification.

  • Trigger Condition - The configuration of the condition in the rule that triggered this alert.

  • Alerts - A table listing the alerts that have been triggered since the last alert with notification. The top row is the current alert (unmuted, with notification) and the rows below it are the rows of the muted alerts from the most recent to the earliest. This table shows the following information:

    • Alert ID - The ID number of the alert. This number is assigned by the system in sequential order. For muted alerts, a Mute icon appears after the ID number.
      MutedAlerts

    • Count - For a Simple query threshold trigger condition only. Displays the number of assets that met the condition and created the alert. From the top alert (current, with notification), you can pivot to this list of assets.
      AlertDrawerSimpleQueryNew

    • Count 1, Count 2 - For Query comparison and Query change over time trigger conditions. Displays under the Count 1 and Count 2 columns the number of assets that were compared in the condition that created the alert.
      AlertDrawerCompareCounts1

    • Date - The date and time of the triggered alert.

  • Link to the Findings Center rule that triggered this alert - in the Alert drawer header.

To view the source of a Findings Center alert

  1. In the Alerts table, click an alert with Source = Findings Center. The Alert drawer opens.
  2. Pivot to the alert assets.
  3. Open the rule that triggered this alert.
  4. Attempt to fix the issue that caused the alert.
  5. Manually update the status of the alert, as relevant.

Viewing Alert Assets

Note:

If you have modified the rule that triggered the alert, old links (i.e., of alerts that were triggered prior to the rule modification) used to pivot to assets will not work. To learn more, refer to the note in Editing a Findings Rule.

The Alerts section shows all the alerts triggered by the rule (including muted alerts), with the most recent one on top of the list. From the most recent alert, you can pivot to the list of assets that crossed the threshold and therefore created the alert.

To pivot to alert assets

  • In the Alert drawer, under the Alerts section, click the number of assets under the Count or Count 1 (but not Count 2) columns:
    • Count column: For alerts triggered by a rule configured with the Simple query threshold trigger condition.
    • Count 1, Count 2 columns: For alerts triggered by a rule configured with the Query comparison or Query change over time trigger conditions.

Opening the Triggering Rule

From the Alert drawer, you can open the configuration of the rule that triggered the alert. You can update the rule configuration, if required.

To open the triggering rule

  1. In the header of the Alert drawer, click the Go to Findings Rule icon FindingsIcon. The Findings rule that triggered this alert opens.
  2. Update the rule configuration, if required.

Viewing an Enforcement Center Alert

You can view system alerts sent from the Enforcement Center.

ECAlert

To view the source of an Enforcement Center alert

  1. In the Alerts table, click an alert with Source = Enforcement Center. The Run drawer within the Run History screen opens, showing the results of the enforcement run. You can go to the assets from the Run History drawer.
  2. Attempt to fix the cause of the alert.
  3. Manually update the status of the alert, as relevant.

Viewing an Adapter Connection Alert

You can view the notifications sent from the Adapters module when there is an adapter connection issue.

AdapterALert

To view the source of an Adapter Connection alert

  1. In the Alerts table, click an alert with Source = Adapter Connection. The screen of the adapter with the connection alert opens (refer to Adapter Connections). For example:
    AdapterError
  2. Click the Error icon. The Connection screen opens, showing the error. For the adapter in the above example:
    ConnectionError
  3. Attempt to fix the cause of the alert.
  4. Manually update the status of the alert, as relevant.

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.