Viewing Advanced Alerts

You can view all triggered alerts, and can acknowledge or filter them.

Navigate to Alerts > Advanced Alerts. From the Alerts page, you can perform the following tasks:

  • Filter alerts

    You can quickly find the desired alert by typing the alert name in the Find field. As you start typing the alert name in the Filter field, the Alerts page is automatically refreshed showing your selection.

  • View alerts based on filters

    You can use filters to easily find alerts. Click the View list to view different filters.

    • All - all alerts in the system
    • Acknowledged - alerts that have been acknowledged
    • High Severity - alerts with high severity
    • Unacknowledged - alerts that have not been acknowledged

  • Acknowledge alerts

    Acknowledging an alert indicates that you have recognized the alert. Once you acknowledge the alert, your user name gets associated with that alert. For instructions on how to acknowledge alerts, see Acknowledging Alerts.

  • Auto-refresh the list of alerts

    Click the down arrow next to the refresh button to set the refresh interval in seconds. Enter the time in seconds. The Alerts table is refreshed as per the defined time interval. By default, it is refreshed every 30 seconds. Clicking the Pause button halts refreshing, and the Pause button changes to Resume. Clicking Resume resumes refreshing the list of alerts.

  • Sort alerts

    You can sort any column in ascending or descending order. To sort by a column, click on the column name or the arrow next to the column name.

  • Show or hide columns

    You can show or hide columns, except the mandatory column, from the table. Click to view all available columns in the table. Select the check box to show the column. Clear the check box to hide the column from the table. The Alerts page is updated immediately.

  • View alert details

    See Viewing Alert Details.

The following table describes the Alerts information:

Column Description
Severity The severity of the trigger. The options are:
  • Info
  • Low
  • Medium
  • High
Note: An admin (a user with administrator privileges) can configure severity options. The options might differ if they have been configured.
SLA Expiration The Service Level Agreement (SLA) expiration time is the time by which an operator is expected to acknowledge the alert. When the SLA time expires, this column displays the time in negative hours or days.
Status The icon indicates the alert status:
  • expired
  • acknowledged
  • unacknowledged

Acknowledged An icon indicates that the alert is acknowledged. Otherwise, this field is blank.
Name The trigger name associated with the alert.
Description The description of the alert.
Category The category of the trigger. The options are:
  • Attack on third party
  • Authorized Activity
  • Authorized security testing
  • Emergency changes
  • False positive
  • Known error
  • LogLogic Event
  • Network Noise
  • Security Alert
  • Suspicious Activity
  • Unauthorized Activity
  • Unknown
Note: An admin (a user with administrator privileges) can configure category options. The options might differ if they have been configured.
Elapsed time The time since the alert was created.
Last updated The time when the alert was last updated.