Updated on 2024-12-30 GMT+08:00

Overview

An alert is a notification of an abnormal signal in O&M. It is usually generated automatically by a monitoring system or security device when it detects an exception in a system or network. These exceptions may include system faults, security threats, or performance bottlenecks. For example, when the CPU usage of a server exceeds 90%, the system may generate an alert.

Generally, an alert can clearly indicate the location, type, and impact of an exception. In addition, alerts can be classified by severity, such as critical, major, and minor, so that O&M personnel can determine which alerts need to be handled first based on their severity.

The purpose of an alert is to notify related personnel in a timely manner so that they can make a quick response and take measures to fix the problem.

When SecMaster detects an exception in cloud resources (for example, a malicious IP address attacks an asset or an asset has been hacked into), it generates an alert and displays the threat information on the Alerts page in SecMaster.

On the SecMaster Alerts page, you can:

  • Check alert details. You can check alerts generated over the last 360 days as well as their details, including the alert name, type, severity, and the time it was generated. You can customize filters to quickly search for a specific alert by its name, risk severity, occurrence time, and other attributes.
  • Start or stop one-click blocking by using an emergency policy. You can quickly contain a certain type of attack based on the attack sources identified in an alert.