Viewing Alerts
Scenario
On the Alerts tab, you can query alerts from the last 360 days. You can view alert details, including the alert name, type, risk severity, and generation time. By customizing filter conditions, such as the alert name, risk severity, and time, you can quickly find specific alerts.
This section describes how to view alert information.
Procedure
- Log in to the management console.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose .
Figure 2 Alerts
- In the upper part of the Alerts page, view alert statistics.
Figure 3 Alert statistics
- Urgent handling of Alerts: displays the total number of critical or high-risk alerts that are not closed.
- Expired Alerts: displays the total number of alerts that have not been closed after the planned closure time.
- Alert Status: displays the total number of alerts in Open, Block, and Closed statuses, and the number of alerts in each status.
- Total Alerts: displays the total number of alerts in the current workspace and the number of alerts of each severity.
- On the Alerts page, view alert details. For details about the parameters, see Table 1.
You can view a maximum of 9,999 alert records on the page.
Table 1 Alert parameters

| Parameter | Description |
| --- | --- |
| Alert Name | Indicates the name of the alert. |
| Alert Severity | Alert severity. The options are Tips, Low, Medium, High, and Fatal. |
| Alert Type | Alert type. |
| Status | Alert status. The options are Open, Blocked, and Closed. |
| Affected Assets | Assets affected by the alert. You can move the mouse pointer to the name of an affected asset to view the asset details. |
| Verification Status | Verification status of the alert, that is, the accuracy of the incident. The options are Unknown, Positive, and False positive. |
| Owner | Indicates the primary owner of the alert. |
| Creation Time | Time when the alert is created. |
| First Occurrence Time | Time when the alert is generated for the first time. |
| Last Occurrence Time | Last time when an alert was generated. |
| Planned Closure Time | Indicates the planned time when the alert is closed. |
| Labels | Labels of the alert. |
| Operation | You can edit, close, and delete alerts. |
- To view the overview of an alert, click the alert name. The alert overview is displayed on the right.
- On the alert overview page, you can view alert handling suggestions, basic information, and associated information (including associated threat metrics, alerts, incidents, and attack information).
- To view alert details, click Alert Details in the lower right corner of the alert overview page. The alert details page is displayed.
On the details page, you can view the alert timeline and attack information in addition to the information on the overview page. For example, you can view the first occurrence time of an alert, detection time, and attack process ID.
- On the alert overview or details page, you can change the alert severity and status in the alert severity and status drop-down list boxes.
- On the alert overview or details page, you can associate or disassociate alerts, indicators, and incidents and view information about affected resources.