Alert rule management

Concepts

Alerts work by running checks on a schedule to detect conditions. When a condition is met, the alert tracks it as an alert instance and responds by triggering one or more actions. An alert rule therefore consists of three main parts:

  • Conditions: what needs to be detected?
  • Schedule: when/how often should detection checks run?
  • Actions: what happens when a condition is detected?

Click on the View rules tab to display this screen:

alert-rule-management.png

The data table displays the alerts that each rule has triggered.

UTMStack provides time filtering as well as search bars to refine the results by:

  • Rule
  • Severity
  • Sensor
  • Origin
  • Destination
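To make the three parts of a rule (condition, schedule, actions), the notion of an alert instance, and the search facets listed above concrete, the following is an added Python example; it is not UTMStack's code and does not use its APIs. The `Event`, `Alert` and `Rule` shapes, the constructed "ssh-brute-force" rule, the sensor name `fw-1`, the addresses and the sample log records are all assumptions made for the illustration. It shows why instances matter: a condition that stays true across several scheduled runs refreshes one open instance instead of re-firing the action every minute, and the instance closes once the condition clears so a later recurrence alerts again.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

@dataclass
class Event:  # one normalised log record as a sensor delivers it (constructed shape, not UTMStack's)
    time: datetime
    sensor: str
    origin: str
    destination: str
    action: str

@dataclass
class Alert:  # one alert instance; the string fields are the search facets of the View rules screen
    rule: str
    severity: str
    sensor: str
    origin: str
    destination: str
    first_seen: datetime
    last_seen: datetime
    count: int = 0

@dataclass
class Rule:  # the three parts of an alert rule
    name: str
    severity: str
    interval: timedelta             # schedule: how often evaluate() is called
    window: timedelta               # condition: look-back period for counting matches
    threshold: int                  # condition: matches per origin/destination needed to fire
    match: Callable[[Event], bool]  # condition: per-event predicate
    action: Callable[[Alert], None] = lambda a: None  # action: runs once when an instance opens

class Engine:
    """Open instances are keyed by rule/sensor/origin/destination: a condition that stays
    true across several scheduled runs refreshes one instance instead of re-alerting."""
    def __init__(self):
        self.instances = {}  # key -> Alert, currently open
        self.table = []      # every instance ever raised: the rows of the data table

    def evaluate(self, rule, now, events):
        """One scheduled check of `rule` at `now`; returns the instances it newly opened."""
        counts = {}
        for ev in events:
            if not (now - rule.window <= ev.time <= now) or not rule.match(ev):
                continue
            key = (rule.name, ev.sensor, ev.origin, ev.destination)
            a = counts.setdefault(key, Alert(rule.name, rule.severity, ev.sensor, ev.origin,
                                             ev.destination, ev.time, ev.time))
            a.count += 1
            a.first_seen, a.last_seen = min(a.first_seen, ev.time), max(a.last_seen, ev.time)
        opened = []
        for key, a in ((k, a) for k, a in counts.items() if a.count >= rule.threshold):
            if key in self.instances:  # still firing: refresh the open instance, do not re-act
                self.instances[key].count, self.instances[key].last_seen = a.count, a.last_seen
                continue
            self.instances[key] = a
            self.table.append(a)
            opened.append(a)
            rule.action(a)
        # Close this rule's instances whose condition cleared, so a recurrence alerts again.
        for key in [k for k, a in self.instances.items() if a.rule == rule.name
                    and (k not in counts or counts[k].count < rule.threshold)]:
            del self.instances[key]
        return opened

    def search(self, start=None, end=None, **facets):
        """Time range plus exact-match facets (rule, severity, sensor, origin, destination)."""
        return [a for a in self.table
                if not (start and a.last_seen < start) and not (end and a.first_seen > end)
                and all(getattr(a, name) == value for name, value in facets.items())]

BASE = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def sample_events(base=BASE):
    """Constructed records: 5 failures from 10.0.0.5 in the window, 1 stale, 1 success, 2 from 10.0.0.9."""
    def at(minutes, origin, action="login_failed"):
        return Event(base + timedelta(minutes=minutes), "fw-1", origin, "10.0.1.20", action)
    return [at(-10, "10.0.0.5"), at(-4, "10.0.0.5"), at(-3, "10.0.0.5"), at(-2, "10.0.0.5"),
            at(-1, "10.0.0.5"), at(-0.5, "10.0.0.5"), at(-1, "10.0.0.5", "login_ok"),
            at(-2, "10.0.0.9"), at(-1, "10.0.0.9")]

def brute_force_rule(notifications):
    """Constructed rule: 5+ failed logins origin->destination within 5 min, checked every minute."""
    return Rule("ssh-brute-force", "high", timedelta(minutes=1), timedelta(minutes=5), 5,
                match=lambda ev: ev.action == "login_failed",
                action=lambda a: notifications.append(f"notify {a.rule}: {a.origin}->{a.destination} {a.count} hits"))

def run_demo(base=BASE):
    """Three scheduled runs (t, t+1min, t+10min); returns opened-per-run, the action log, the engine."""
    notifications, engine, events = [], Engine(), sample_events(base)
    rule = brute_force_rule(notifications)
    opened = [len(engine.evaluate(rule, base + rule.interval * i, events)) for i in (0, 1, 10)]
    return opened, notifications, engine

if __name__ == "__main__":
    opened, notifications, engine = run_demo()
    print(opened, notifications, engine.search(severity="high", origin="10.0.0.5"))
```

Running it opens one instance on the first check (five failures from 10.0.0.5 inside the window; the 10-minute-old failure and the successful login are ignored), opens nothing on the second check even though the condition still holds, and closes the instance on the third check once the events have aged out of the window. The `search` call afterwards is the equivalent of the time filter and facet search bars on the View rules screen: the row stays in the table after the instance closes, and filtering by `origin="10.0.0.9"` returns nothing because that source never reached the threshold.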

Click on Manage alerts to display the Manage event screen.