Alerts
  • 03 Apr 2023

Article summary

This article provides an overview of Alerts.

Overview

Alerts are important indicators that suspicious behavior has been spotted in the network. When this kind of activity is detected, Interceptor will generate an alert, which contains all the detailed information that was available to Interceptor about the event that triggered it.

Accessing Alerts

To access alerts

  1. Go to Cybersecurity ▶ Alert


Viewing Alerts

To view more details for an alert

  1. Go to Cybersecurity ▶ Alert
  2. Click on the row of the alert you want to investigate.

This opens a window that provides more details about the alert.


Note: You can click the copy button to copy information from many of the above values. This will save the information to the clipboard, making it much easier to search for information.

Expanding the View

You can expand the view to see the full context view for the alert.

Viewing Events

To see the network events that triggered the alert, click See events. This will redirect you to the Events tab, which will have all predefined filters already added.


Changing Alert Status

To change the alert's status, select an alert and click the drop-down Status menu to choose the desired value. Alerts have the same status values as incidents, which are:

  • New
  • In Progress
  • Closed
  • Resolved


Note: If you change the status of an alert directly, rather than through the status of the incident that the alert belongs to, the alert will be deleted from the incident and its status will be changed separately from the incident.

Navigating to the Incident

To open the incident that the alert belongs to, click the Investigate button. This will redirect you to the respective incident.

In some cases, the Investigate button may be disabled. If this happens, it is because the alert hasn't been added to an incident yet.

This happens if:

  • There were no other alerts to correlate with
  • There was a lag between the alert and incident creation

Alert Grouping

To view alerts grouped by chosen categories

  1. Click the Categories button.
  2. Choose a maximum of three categories to group the alerts by.


To remove alert grouping

  1. Click the Reset to default button in the Categories window.

To see all alerts in a category

  1. Click on the category.

Reducing the Number of False Positive Alerts

A false positive alert is an alert that is triggered, but later determined to be harmless. These do not require remediation.

Some network conditions can trigger large numbers of alerts. These include, but are not limited to:

  • Automatic backups
  • Vulnerability scanners
  • Web crawlers
  • Network scanners

DSL Rule Editor

This feature will allow administrators to create and edit their own detection rules.
For more information, contact your customer support team or sales manager.


Note: This feature is available to administrators only in release 23.04.

Multiple Alerts

As of release 23.04, you can select multiple alerts to change their status.
If you drill down into a category to view individual alerts, multi-selection is also available for child rows.

To view the detail pane below

  1. Click anywhere on the row to highlight.
  2. Select the row via checkbox.


Note: Once a row is selected, the cell selection is disabled and the change status action is only available at the top.

© 2024 Cisco and/or its affiliates. All rights reserved.