- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Buying SecMaster
- Authorizing SecMaster
- Viewing Security Overview
- Workspaces
- Viewing Purchased Resources
- Security Situation
- Resource Manager
- Risk Prevention
- Threat Operations
- Security Orchestration
-
Playbook Overview
- Ransomware Incident Response Solution
- Attack Link Analysis Alert Notification
- HSS Isolation and Killing of Malware
- Automatic Renaming of Alert Names
- Auto High-Risk Vulnerability Notification
- Automatic Notification of High-Risk Alerts
- Auto Blocking for High-risk Alerts
- Real-time Notification of Critical Organization and Management Operations
-
Settings
- Data Integration
-
Log Data Collection
- Data Collection Overview
- Adding a Node
- Configuring a Component
- Adding a Connection
- Creating and Editing a Parser
- Adding and Editing a Collection Channel
- Managing Connections
- Managing Parsers
- Managing Collection Channels
- Viewing Collection Nodes
- Managing Nodes and Components
- Partitioning a Disk
- Logstash Configuration Description
- Connector Rules
- Parser Rules
- Upgrading the Component Controller
- Customizing Directories
- Permissions Management
- Key Operations Recorded by CTS
-
Best Practices
-
Log Access and Transfer Operation Guide
- Solution Overview
- Resource Planning
- Process Flow
-
Procedure
- (Optional) Step 1: Buy an ECS
- (Optional) Step 2: Buy a Data Disk
- (Optional) Step 3: Attach a Data Disk
- Step 4: Create a Non-administrator IAM User
- Step 5: Configure Network Connection
- Step 6: Install the Component Controller (isap-agent)
- Step 7: Install the Log Collection Component (Logstash)
- (Optional) Step 8: Creating a Log Storage Pipeline
- Step 9: Configure a Connector
- (Optional) Step 10: Configure a Log Parser
- Step 11: Configure a Log Collection Channel
- Step 12: Verify Log Access and Transfer
- Credential Leakage Response Solution
-
Log Access and Transfer Operation Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Alert Management
- Incident Management
- Indicator Management
- Playbook Management
- Alert Rule Management
- Playbook Version Management
- Playbook Rule Management
- Playbook Instance Management
- Playbook Approval Management
- Playbook Action Management
- Incident Relationship Management
- Data Class Management
- Workflow Management
- Data Space Management
- Pipelines
- Workspace Management
- Metering and Billing
- Metric Query
- Baseline Inspection
- Appendix
- FAQs
Viewing Alert Details
Scenario
On the Alerts page in SecMaster, you can check the alert list for the last 360 days. The list contains alert names, types, severity levels, and occurrence time. By customizing filtering conditions, such as the alert name, risk severity, and time, you can quickly query information about the specific alerts.
This section describes how to view alert information.
Prerequisites
To check alerts from other cloud services, you need to enable the function of automatically converting logs into alerts on the Data Integration page. If this function is disabled, logs that meet certain alert rules will not be converted to alerts or displayed on the Alerts page. For details, see Enabling Log Access.
Viewing Alert Details
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
in the upper left corner of the page and choose Security & Compliance > SecMaster. - In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Threat Operations > Alerts.
Figure 2 Alerts
- View alert information.
Figure 3 Viewing Alerts
Table 1 Viewing Alerts Parameter
Description
Time ranges (Today, This week, This month, or Customize)
In the upper right corner on the page, you can select a time range to view alerts generated during this period. By default, alerts generated in the current week are displayed.
Unhandled Alerts
This area displays how many alerts that are not handled within the specified time range in the current workspace. The unhandled alerts are displayed by severity.
Alerts Handled Automatically (Auto)
This area displays how many alerts that are handled automatically by playbooks within the specified time range in the current workspace.
Alerts Handled Manually (Manual)
This area displays how many alerts that are handled manually within the specified time range in the current workspace.
Alerts
This area displays how many alerts that are reported within the specified time range in the current workspace.
Alarm list
The list displays more details about each alert.
You can view the total number of alerts below the alert list. You can view a maximum of 10,000 alert records page by page. To view more than 10,000 records, optimize the filter criteria.
In the alert list, you can view the alert type, summary, severity, source, and handling status. To view details about an alert, click its name. On the alert details page displayed:
- You can comment on, block, unblock, close, and delete the alert, convert the alert into an incident, and refresh the alert status.
- You can view the security overview, context, relationship, and comments about the alert.
- Security Overview: On this tab, you can view the summary, handling suggestions, basic information, and request details of the alert.
- Context: On this tab, you can view the key and full context information of the alert in JSON format or in a table.
- Relationship: On this tab, you can view associated information, such as associated alerts, incidents, indicator, and affected assets, about the alert.
- Comment: On this tab, you can view historical comments on the alert and make your comments.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
