
Active Alerts

The Alerts tab lists details of all alerts triggered (if you have not set up any alert profiles, the tab directs you to do so). You can view the timestamp of the alert, the device which triggered it, the severity, the status of the alert, and the message.


Filtering Alert Profiles

  • Click on the filter icon at the top-left corner of the table.
  • The Filter Alerts pop-up opens. Here, you can select the appropriate filter options based on the various Alert Parameters and Alert Criteria-Based Fields available.
  • You can also select one or more filter options to customize your alerts view.

Creating Alert Views

EventLog Analyzer categorizes the alerts into the following views: Active alerts, Critical alerts, Trouble alerts, Attention alerts, and All alerts. You can select the required view from the Select view drop-down menu.


You can also create custom views for alerts by configuring a filter for the alert and clicking Apply. Click the Save As View link to enter a name for the view and click Save.

The custom views can only be viewed by the respective users who created them. Hover your mouse pointer over a created view in the Select View drop-down menu to edit or delete it.


Alert Configurations

You can access the following options from the top right corner of the Alerts page:

  • The Export As drop-down menu allows you to export alert messages in the CSV and PDF formats.
  • The +Add Alert Profile link allows you to add a new alert profile.

Click the settings icon on the top right corner of the page to view the following options:

  • Workflow: This option allows you to assign workflows to alert profiles so that a logical action is executed in your network when an adverse event is detected.
  • Ticketing tool Integration: This option allows you to configure an external help desk software (ServiceDesk Plus, ServiceNow, Jira Service Desk, Zendesk, Kayako, and BMC Remedy Service Desk) to which the alerts are forwarded.

Whitelisting Threats


Click on the check boxes to select the required alerts. Once the alerts are selected, the options Assign, Status, Delete, and More will appear. You can assign the alert to an administrator, change the status, or delete the alerts by choosing the appropriate options.

Clicking on More will give you the option to Whitelist the Source. In case an alert is raised by Advanced Threat Analytics and you are convinced that the source is not malicious, you can whitelist it by choosing the option here.

Information on the alert


Hovering over the alert gives additional information such as what triggered the alert, the domain, the device involved and more.

Alert Format Message

Clicking on an alert opens a pop-up titled Alert Format Message.

Details such as SL Event ID, Logon Type and more can be obtained by clicking on More Details.


Workflow status

In case a workflow is configured for the alert, the status of the workflow can be viewed in the Alert Format Message pop-up.


Click the status of the workflow for more information. Once clicked, a pop-up will open.


Threshold alerts

For threshold-based alerts, you can view each instance by clicking on the alert. The pop-up contains a section called Threshold.


Clicking on the threshold number will give you a pop-up with more details.


Add / Remove Columns

Columns can be added or removed by clicking on the Add / Remove option in the top right corner. You can choose and rearrange the columns as needed. A minimum of 3 and a maximum of 7 columns can be selected.

Note: The default columns cannot be removed or rearranged. The default columns are Time, Notes, and Alert Format Message.

Clicking on Add / Remove opens a pop-up. Choose the required columns by clicking on the checkboxes.


Advanced Threat Analytics Alerts

These alerts are raised when malicious domains, URLs, and IPs intrude into your network. Clicking on such an alert shows the reputation score of the source, the number of times it has appeared on a threat list, and more.


Copyright © 2020, ZOHO Corp. All Rights Reserved.
