Alerts
- Updated on 03 Apr 2023
This article provides an overview of Alerts.
Overview
Alerts are important indicators that suspicious behavior has been spotted in the network. When such activity is detected, Interceptor generates an alert containing all the detailed information that was available to Interceptor about the event that triggered it.
Accessing Alerts
► To access alerts
- Go to Cybersecurity ▶ Alert
Viewing Alerts
► To view more details for an alert
- Go to Cybersecurity ▶ Alert
- Click on the row of the alert you want to investigate.
This opens a window that provides more details, as shown below:
Note: Many of the values in this window have a copy button. Clicking it saves the value to the clipboard, making it much easier to search for that information elsewhere.
Expanding the View
You can expand the view to see the full context view for the alert, as shown below:
Viewing Events
To see the network events that triggered the alert, click See events. This redirects you to the Events tab with all the predefined filters already applied.
Changing Alert Status
To change the alert's status, select an alert and click the drop-down Status menu to choose the desired value. Alerts have the same status values as incidents, which are:
- New
- In Progress
- Closed
- Resolved
Note: If you change an alert's status directly, rather than through the status of the incident it belongs to, the alert is removed from that incident and its status is then tracked separately from the incident.
Navigating to the Incident
To open the incident that the alert belongs to, click the Investigate button. This redirects you to the respective incident.
In some cases, the Investigate button may be disabled. This means the alert has not yet been added to an incident, which happens if:
- There were no other alerts to correlate it with
- There was a lag between the alert and incident creation
Alert Grouping
► To view alerts grouped by chosen categories
- Click the Categories button.
- Choose a maximum of three categories to group the alerts by.
► To remove alert grouping
- Click the Reset to default button in the Categories window.
► To see all alerts in a category
- Click on the category.
Reducing the Number of False Positive Alerts
A false positive alert is an alert that is triggered but later determined to be harmless. Such alerts do not require remediation.
Some network conditions can trigger large numbers of alerts. These include, but are not limited to:
- Automatic backups
- Vulnerability scanners
- Web crawlers
- Network scanners
DSL Rule Editor
This feature allows administrators to create and edit their own detection rules.
For more information, contact your customer support team or sales manager.
Note: In release 23.04, this feature is available to administrators only.
Multiple Alerts
As of release 23.04, you can select multiple alerts to change their status.
If you drill down into a category to view individual alerts, multi-selection is also available on the child rows.
► To view the detail pane
- Click anywhere on the row to highlight it.
- Select the row using its checkbox.
Note: Once a row is selected using its checkbox, cell selection is disabled and the change status action is available only from the controls at the top.
© 2024 Cisco and/or its affiliates. All rights reserved.