Alerts
  • 10 Nov 2022

In this article, we're going to take a look at Alerts, beginning with a quick overview.

Overview

Alerts are important indicators that suspicious behavior has been spotted in the network. When this kind of activity is detected, Interceptor will generate an alert, which contains all the detailed information that was available to Interceptor about the event that triggered it.

Accessing Alerts

To access alerts

  1. Go to Cybersecurity ▶ Alerts.

alerts.gif

Viewing Alerts

To view more details for an alert

  1. Go to Cybersecurity ▶ Alerts.
  2. Click on the row of the alert you want to investigate.
    This opens a window with more details about the alert, as shown below:

image.png


Note: Many of the values shown above have a copy button. Clicking it copies the value to the clipboard, which makes it much easier to search for that information elsewhere.

Expanding the View

You can expand the view to see the full context view for the alert, as shown below:

drop table and expand.gif

Viewing Events

To see the network events that triggered the alert, click See events. This will redirect you to the Events tab, which will have all predefined filters already added.

see events.gif

Changing Alert Status

To change the alert's status, select an alert and click the drop-down Status menu to choose the desired value. Alerts have the same status values as incidents, which are:

  • New
  • In Progress
  • Closed
  • Resolved


Note: If you change an alert's status directly, rather than through the status of the incident it belongs to, the alert is removed from that incident and its status is then tracked separately from the incident.
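The status rules above (incident status applies to its alerts; a status set directly on an alert detaches it from the incident; the Investigate button is only enabled when the alert belongs to an incident) are easier to reason about as a small model. The following is an added illustration, not Interceptor's own code or data model; the class and field names are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Status(Enum):
    # The four status values shared by alerts and incidents, as listed on the page.
    NEW = "New"
    IN_PROGRESS = "In Progress"
    CLOSED = "Closed"
    RESOLVED = "Resolved"


@dataclass
class Alert:
    # Hypothetical model of an alert; 'incident' is None until correlation adds it to one.
    alert_id: str
    status: Status = Status.NEW
    incident: Optional["Incident"] = None


@dataclass
class Incident:
    # Hypothetical model of an incident that owns a set of alerts.
    incident_id: str
    status: Status = Status.NEW
    alerts: List[Alert] = field(default_factory=list)

    def add_alert(self, alert: Alert) -> None:
        alert.incident = self
        self.alerts.append(alert)

    def set_status(self, status: Status) -> None:
        # Changing the incident's status applies to every alert still attached to it.
        self.status = status
        for alert in self.alerts:
            alert.status = status


def set_alert_status_directly(alert: Alert, status: Status) -> Optional["Incident"]:
    """Change an alert's status without going through its incident.

    Per the documented behaviour, the alert is removed from its incident and its
    status is tracked separately from then on. Returns the incident it was
    removed from (None if it had none).
    """
    former = alert.incident
    if former is not None:
        former.alerts.remove(alert)
        alert.incident = None
    alert.status = status
    return former


def investigate_enabled(alert: Alert) -> bool:
    # The Investigate button is disabled while an alert has not been added to an incident.
    return alert.incident is not None


def demo() -> dict:
    # Constructed walk-through: two alerts correlated into one incident, then one
    # alert closed directly while the incident is later resolved.
    inc = Incident("INC-1")
    a1, a2 = Alert("A-1"), Alert("A-2")
    inc.add_alert(a1)
    inc.add_alert(a2)
    inc.set_status(Status.IN_PROGRESS)        # both alerts become In Progress
    set_alert_status_directly(a2, Status.CLOSED)  # a2 detaches, becomes Closed
    inc.set_status(Status.RESOLVED)           # only a1 follows the incident now
    return {
        "incident": inc.status,
        "a1": a1.status,
        "a2": a2.status,
        "a2_still_in_incident": a2 in inc.alerts,
        "a1_investigate": investigate_enabled(a1),
        "a2_investigate": investigate_enabled(a2),
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is the second half of the note: once `a2` is closed directly, resolving the incident no longer touches it, and its Investigate button would be disabled because it no longer belongs to any incident.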

Navigating to the Incident

To open the incident that the alert belongs to, click the Investigate button. This will redirect you to the respective incident.

In some cases, the Investigate button may be disabled. If this happens, it is because the alert hasn't been added to an incident yet.

This happens if:

  • There were no other alerts to correlate it with
  • There was a lag between the creation of the alert and the creation of the incident

Alert grouping

To view alerts grouped by chosen categories

  1. Click the Categories button.
  2. Choose a maximum of three categories to group the alerts by.

image.png

To remove alert grouping

  1. Click the Reset to default button in the Categories window.

To see all alerts in a category

  1. Click on the category.

alert_grouping.gif

Reducing the Number of False Positive Alerts

A false positive alert is an alert that is triggered, but later determined to be harmless. These do not require remediation.

Some network conditions can trigger large numbers of alerts. These include, but are not limited to:

  • Automatic backups
  • Vulnerability scanners
  • Web crawlers
  • Network scanners
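Grouping alerts by a few categories (the page allows up to three) is also the quickest way to find the noisy sources listed above before deciding how to tune them. The following is an added example, not Interceptor's own code; the alert records, their field names and the benign-source tags are constructed for the illustration and are not the product's schema.

```python
from collections import Counter
from typing import Dict, Iterable, List, Sequence, Tuple

MAX_GROUP_CATEGORIES = 3  # the page states at most three categories can be chosen

# Constructed sample alerts (not real data). One host behaves like a network scanner.
SAMPLE_ALERTS: List[dict] = [
    {"id": 1, "source_ip": "10.0.0.5", "rule": "Port scan", "severity": "medium"},
    {"id": 2, "source_ip": "10.0.0.5", "rule": "Port scan", "severity": "medium"},
    {"id": 3, "source_ip": "10.0.0.5", "rule": "Port scan", "severity": "medium"},
    {"id": 4, "source_ip": "10.0.0.5", "rule": "Port scan", "severity": "medium"},
    {"id": 5, "source_ip": "10.0.0.5", "rule": "Port scan", "severity": "medium"},
    {"id": 6, "source_ip": "10.0.0.5", "rule": "Port scan", "severity": "medium"},
    {"id": 7, "source_ip": "10.0.0.7", "rule": "Port scan", "severity": "medium"},
    {"id": 8, "source_ip": "10.0.0.7", "rule": "Port scan", "severity": "medium"},
    {"id": 9, "source_ip": "10.0.0.8", "rule": "Brute force", "severity": "high"},
    {"id": 10, "source_ip": "10.0.0.9", "rule": "DNS tunneling", "severity": "high"},
]

# Hypothetical inventory tags: hosts known to generate legitimate scan-like traffic.
KNOWN_BENIGN_SOURCES: Dict[str, str] = {"10.0.0.5": "vulnerability scanner"}


def group_alerts(alerts: Iterable[dict], categories: Sequence[str]) -> Dict[Tuple, int]:
    """Count alerts per combination of the chosen categories (1 to 3 of them)."""
    if not 0 < len(categories) <= MAX_GROUP_CATEGORIES:
        raise ValueError(f"choose between 1 and {MAX_GROUP_CATEGORIES} categories")
    return dict(Counter(tuple(a[c] for c in categories) for a in alerts))


def noisy_sources(alerts: List[dict], category: str, min_share: float) -> Dict[str, int]:
    """Values of `category` that account for at least `min_share` of all alerts."""
    total = len(alerts)
    if total == 0:
        return {}
    counts = Counter(a[category] for a in alerts)
    return {value: n for value, n in counts.items() if n / total >= min_share}


def triage_false_positives(alerts: List[dict]) -> dict:
    """Estimate how many alerts remain once known benign sources are excluded.

    This only reports the impact of a proposed exclusion; it does not change any
    alert's status, so nothing is closed without an analyst looking at it.
    """
    benign = [a for a in alerts if a["source_ip"] in KNOWN_BENIGN_SOURCES]
    remaining = [a for a in alerts if a["source_ip"] not in KNOWN_BENIGN_SOURCES]
    return {
        "total": len(alerts),
        "from_known_benign": len(benign),
        "remaining": len(remaining),
        "remaining_by_rule": group_alerts(remaining, ["rule"]),
    }


if __name__ == "__main__":
    print(group_alerts(SAMPLE_ALERTS, ["rule", "severity"]))
    print(noisy_sources(SAMPLE_ALERTS, "source_ip", 0.5))
    print(triage_false_positives(SAMPLE_ALERTS))
```

Grouping by `source_ip` shows one host producing six of ten alerts; checking it against the (constructed) inventory confirms it is the scanner, and the triage function shows the four alerts that still need attention once those are set aside.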

© 2022 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®, the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™ are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/.
