Updated on 2024-10-29 GMT+08:00

Adding and Editing an Alert

Scenario

This section describes how to add or edit an alert.

Adding an Alert

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
  4. In the navigation pane on the left, choose Threat Operations > Alerts.
  5. On the Alerts page, click Add. On the Add page displayed on the right, set parameters as described in Table 1.

    Table 1 Alert parameters

    | Parameter | Description |
    |---|---|
    | Basic information | |
    | Alert Name | User-defined alert name. The value can contain only uppercase letters, lowercase letters, digits, and the special characters -_ () and a maximum of 255 characters. |
    | Alert Type | Alert type. |
    | Alert Severity | Alert severity. The options are Informational, Low, Medium, High, and Critical. |
    | Status | Alert status. The options are Open, Blocked, and Closed. |
    | (Optional) Owner | Primary owner of the alert. |
    | Data Source Product Name | Data source name. |
    | Data Source Type | Type of the data source. The options are Cloud Service, Third-party, and Private. |
    | Timeline | |
    | First Occurrence Time | Time when an alert is generated for the first time. |
    | (Optional) Last Occurrence Time | Last time when an alert was generated. |
    | (Optional) Planned Closure Time | Time when the alert plan is disabled. |
    | Other | |
    | (Optional) Verification Status | Verification status of the alert, which indicates whether the alert is accurate. The options are Unknown, Positive, and False positive. |
    | (Optional) Stage | Alert phase. The options are: Preparation (prepare resources to process the alert); Detection and analysis (detect and analyze the cause of an alert); Containment, extradition, and recovery (handle an alert); Post Incident Activity (follow-up activities). |
    | (Optional) Debugging data | Whether to enable simulated debugging. |
    | (Optional) Labels | Alert labels. |
    | Description | Alert description. The value can contain only uppercase letters, lowercase letters, digits, and the special characters -_ () and a maximum of 1,024 characters. |

  6. Click OK.
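
The constraints in Table 1 can be checked before a record is entered, for example when alerts are prepared in bulk from a third-party tool. The following Python validator is an added example, not part of SecMaster or its documentation; the dictionary key names, the ISO 8601 time format, and treating the space in "-_ ()" as an allowed character are assumptions.

```python
import re
from datetime import datetime

# Table 1 character set: letters, digits and "-_ ()".
# Assumption: the space inside "-_ ()" is itself an allowed character.
DISALLOWED = re.compile(r"[^A-Za-z0-9\-_ ()]")
LIMITS = {"name": 255, "description": 1024}   # maximum lengths from Table 1
OPTIONS = {                                    # option lists from Table 1
    "severity": {"Informational", "Low", "Medium", "High", "Critical"},
    "status": {"Open", "Blocked", "Closed"},
    "data_source_type": {"Cloud Service", "Third-party", "Private"},
    "verification_status": {"Unknown", "Positive", "False positive"},
}
# Rows not marked (Optional) in Table 1. The key names are hypothetical.
REQUIRED = ("name", "type", "severity", "status", "data_source_product",
            "data_source_type", "first_seen", "description")

def validate_alert(alert: dict) -> list:
    """Return the problems found; an empty list means the record fits Table 1."""
    errors = [f"{key}: required" for key in REQUIRED if not alert.get(key)]
    for key, limit in LIMITS.items():
        value = alert.get(key) or ""
        if len(value) > limit:
            errors.append(f"{key}: longer than {limit} characters")
        bad = sorted(set(DISALLOWED.findall(value)))
        if bad:
            errors.append(f"{key}: disallowed characters {bad}")
    for key, allowed in OPTIONS.items():
        value = alert.get(key)
        if value is not None and value not in allowed:
            errors.append(f"{key}: {value!r} is not one of {sorted(allowed)}")
    # Assumption: times are ISO 8601 strings. The ordering check is a sanity
    # check added in this example, not a rule stated on the page.
    first, last = alert.get("first_seen"), alert.get("last_seen")
    try:
        if first and last and datetime.fromisoformat(last) < datetime.fromisoformat(first):
            errors.append("last_seen: earlier than first_seen")
    except (ValueError, TypeError) as exc:
        errors.append(f"timestamp: {exc}")
    return errors

# Constructed sample record, as a third-party tool might export it.
SAMPLE = {"name": "SSH brute force: <root>", "type": "Abnormal login",
          "severity": "Urgent", "status": "Open", "data_source_product": "Constructed-IDS",
          "data_source_type": "Third-party", "first_seen": "2024-10-29T08:00:00+08:00",
          "last_seen": "2024-10-28T08:00:00+08:00", "description": "Repeated failed logins"}

if __name__ == "__main__":
    for problem in validate_alert(SAMPLE):
        print(problem)
```

Rejecting or normalizing such records before entry keeps free text from upstream tools (colons, angle brackets, long messages) from failing at the Add page.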

Editing an Alert

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
  4. In the navigation pane on the left, choose Threat Operations > Alerts.
  5. In the alert list, locate the row that contains the target alert and click More > Edit in the Operation column.
  6. On the Edit slide-out that is displayed, modify alert parameters. For details about the parameters, see Table 2.

    Table 2 Alert parameters

    | Parameter | Description |
    |---|---|
    | Basic Information | |
    | Alert Name | User-defined alert name. The value can contain only uppercase letters, lowercase letters, digits, and the special characters -_ () and a maximum of 255 characters. |
    | Alert Type | Alert type. |
    | Alert Severity | Alert severity. The options are Tips, Low, Medium, High, and Fatal. |
    | Status | Alert status. The options are Open, Blocked, and Closed. |
    | (Optional) Owner | Primary owner of the alert. |
    | Data Source Product Name | Name of the data source, which cannot be changed. |
    | Data Source Type | Type of the data source, which cannot be changed. |
    | Timeline | |
    | First Occurrence Time | Time when an alert is generated for the first time. |
    | Last Occurrence Time | Last time when an alert was generated. |
    | Planned Closure Time | Time when the alert plan is disabled. |
    | Other | |
    | Labels | Alert labels. |
    | Debugging data | Whether to enable simulated debugging. This parameter cannot be modified once configured. |
    | Verification Status | Verification status of the alert, which indicates whether the alert is accurate. The options are Unknown, Positive, and False positive. |
    | Stage | Alert phase. The options are: Preparation (prepare resources to process the alert); Detection and analysis (detect and analyze the cause of an alert); Contain, extradition, and recovery (handle an alert); Post Incident Activity (follow-up activities). |
    | Description | Alert description. The value can contain only uppercase letters, lowercase letters, digits, and the special characters -_ () and a maximum of 1,024 characters. |

  7. Click OK.