The alarm details page provides in-depth information on an alarm, what caused it, and how to resolve the situation.
To view the details of an alarm
- Go to Activity > Alarms.
- Click the alarm to display its details.
To the left of an item, click the star symbol to mark it as a bookmark for quick access. Clicking the icon on the secondary menu shows the bookmarked items and a link to them.
Not all alarms found during monitoring are necessary for managing your environment, because some do not pose a security threat. Frequently, there are alarms that create a noisy environment, making it difficult to monitor other alarms that require more attention. You can identify these alarms and suppress them with a rule.
The Alarms Details page includes alarm management functions that are supported for your assigned user role:
- Select Action: See Applying Actions to Alarms for more information.
- Create Rule: See Creating Rules from Alarms for more information.
- Alarm Status: Use this button to set a status for the alarm: open, in review, or closed. See Alarm Status for more information.
- Apply Label: Use this button to classify your alarms. See Labeling the Alarms for more information.
- Add to Investigation: Use this button to associate an alarm with an investigation. See Adding an Alarm to an Investigation for more information.
You can see the alarm details, then the source, the destination, the associated alarm if it exists, the associated events, a description, and, in the case of an alarm with a high priority, a recommendation to fix the problem.
The icon located next to the Source and Destination fields enables you to access several options. See Asset List View for more information. In addition, you have these two options:
- Add to current filter. This option enables you to add the asset to the selected filters.
- Add asset to system. Use this option to create the asset. See Adding Assets.