This document explains the Threat Management module. The Threat Management module groups all alerts generated by the correlation engine. For more information about correlation engines, refer to <link>.
The Alerts section under the Threat Management module groups all alerts detected by the various systems and correlation rules used by the application.
To open the Alerts window, follow the steps below:
- On the UTMSTACK home page, click Threat Management.
A drop-down list opens.
- Select Alerts.
The Alerts window opens, as shown below.
Figure 1: Manage Alert Window
Alerts is an interactive module in which you manage alerts using filters, rules, tags, and other features. Figure 1 shows the module with its main areas highlighted in different colors and numbered.
The Filters pane is on the left-hand side of the Alerts window. In Figure 1, it is highlighted in red and numbered 1.
The Filters pane offers several ways to narrow down the alerts shown in the Alerts window, which helps you find the specific alerts you need to review or investigate further. Figure 2 shows the Filters pane.
Figure 2: Filters Pane
In the Filters pane, you can filter the alerts by Rule, Severity, Category, Sensor, or Tags. These are the default filters shown in the Filters pane; you can add more filters to display there.
To add or remove filters in the Filters pane, follow the steps below:
The Manage filters floating window opens, as shown in Figure 3.
Figure 3: Manage filters Window
- Select the desired filter in the list of Inactive filters.
The filter name is highlighted.
- Click the icon to add the selected filter to the Visible filters list.
The filter is added to the Visible filters list and appears in the Filters pane.
- (Optional) In the Visible filters section, you can change the order of filters by dragging and dropping them.
The filters appear in the Filters pane in the same order.
You can filter alerts by Rule, Severity, Category, Sensor, or Tags. You can also add more filters, as explained in the section above.
For any filter, you can either scroll to look for the desired value or type a query in the Search in values field to search for a specific one, as shown in Figure 4.
Figure 4: Filters and Search fields
Time filters restrict the displayed alerts to a specific time range. The Alerts module offers several preset time filters, for example the last 30 days, 7 days, 24 hours, or 1 hour, as well as a custom time range filter.
To use the time filters, follow the steps below:
A drop-down list opens.