Manage events

An event is any change in your system; a log entry, for instance, represents an event that occurred.

An alert is a warning about the occurrence of events that match specific conditions. The IT team analyzes events (and alerts) to decide whether they represent malicious activity.

When you select Threat Management > Events, UTMStack displays the following page:


1. You can search and filter events by time range and other event attributes. By default, the following filters are displayed:

Rule: The rule used to detect the event.

Severity: Returns events classified by severity level: Log, Low, Medium, and High. The levels are based on the following ranges of the severity value:

  • Log — Severity value equal to 0.
  • Low Severity — Severity values between 0.1 and 3.9.
  • Medium Severity — Severity values between 4 and 6.9.
  • High Severity — Severity values between 7 and 10.

Category: Based on the event type, such as information leak or web application attack. The category indicates how urgently an event should be investigated.

Sensor: Select a deployed sensor from the list.

Tag: You can use one of the tags provided in this section as your search criterion.

2. UTMStack displays all events, or only the filtered events if you have defined search criteria. From the tabular summary of events, you can click on any row to view further details in a popup window. You can also apply incidents, add notes, or add tags.
The table displays the following columns: Rule, Severity, Time, Sensor, Source IP, and Destination IP.

Click on any row to display a window with the full description: summary, proposed solution, edit solution, details (rule, ID, status, etc.), view log, and view change history.

3. Save reports: You can save the current event listing as a report in CSV format.
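The following is an added example, not UTMStack code or its export schema: it applies the default Events-page filters (rule, severity level, category, sensor, tag, time range) to a constructed list of events, classifies the numeric severity value into the four levels using the ranges listed above, and writes the result as CSV with the same columns as the Events table. The event field names (rule, score, time, sensor, src_ip, dst_ip, category, tags) are assumptions made for this example. The page leaves scores in the tenths gaps (for instance 3.95) undefined; the example rounds the score to one decimal before classifying, which is also an assumption.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample events shaped like the rows of the Events table (rule,
# severity score, time, sensor, source/destination IP) plus category and tags.
# Field names are assumptions for this example, not UTMStack's export schema.
SAMPLE_EVENTS = [
    {"rule": "SSH brute force", "score": 7.5, "time": "2024-05-01T10:00:00Z",
     "sensor": "sensor-dmz", "src_ip": "203.0.113.7", "dst_ip": "10.0.0.5",
     "category": "authentication", "tags": ["false positive"]},
    {"rule": "Web application attack", "score": 9.0, "time": "2024-05-01T10:05:00Z",
     "sensor": "sensor-web", "src_ip": "198.51.100.9", "dst_ip": "10.0.0.80",
     "category": "web application attack", "tags": ["investigating"]},
    {"rule": "Information leak", "score": 4.0, "time": "2024-05-01T11:00:00Z",
     "sensor": "sensor-web", "src_ip": "10.0.0.80", "dst_ip": "192.0.2.44",
     "category": "information leak", "tags": []},
    {"rule": "Informational log", "score": 0, "time": "2024-05-02T08:00:00Z",
     "sensor": "sensor-dmz", "src_ip": "10.0.0.5", "dst_ip": "10.0.0.1",
     "category": "informational", "tags": ["noise"]},
    # Score written with a decimal comma, as in the documentation's ranges.
    {"rule": "Port scan", "score": "3,9", "time": "2024-05-01T09:30:00Z",
     "sensor": "sensor-dmz", "src_ip": "203.0.113.7", "dst_ip": "10.0.0.5",
     "category": "reconnaissance", "tags": []},
]

# Columns of the Events table, used as the CSV header.
COLUMNS = ["Rule", "Severity", "Time", "Sensor", "Source IP", "Destination IP"]


def severity_level(score):
    """Map a 0-10 severity value to Log, Low, Medium or High.

    Accepts numbers or strings; a decimal comma ("3,9") is accepted as well.
    Ranges follow the page: 0 -> Log, 0.1-3.9 -> Low, 4-6.9 -> Medium,
    7-10 -> High. Values inside the tenths gaps are not defined by the page,
    so the score is rounded to one decimal first (an assumption).
    """
    if isinstance(score, str):
        score = float(score.strip().replace(",", "."))
    score = round(float(score), 1)
    if not 0 <= score <= 10:
        raise ValueError(f"severity score out of range: {score}")
    if score == 0:
        return "Log"
    if score < 4:
        return "Low"
    if score < 7:
        return "Medium"
    return "High"


def _parse_time(stamp):
    """Parse an ISO-8601 timestamp (trailing 'Z' allowed) into an aware UTC datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)


def filter_events(events, rule=None, severity=None, category=None, sensor=None,
                  tag=None, start=None, end=None):
    """Apply the Events-page filters; unset filters match everything.

    Rule and category match case-insensitively; severity is one of the four
    level names; start/end are inclusive ISO-8601 bounds compared in UTC.
    """
    start_dt = _parse_time(start) if start else None
    end_dt = _parse_time(end) if end else None
    matched = []
    for ev in events:
        if rule and ev["rule"].lower() != rule.lower():
            continue
        if severity and severity_level(ev["score"]) != severity:
            continue
        if category and ev["category"].lower() != category.lower():
            continue
        if sensor and ev["sensor"] != sensor:
            continue
        if tag and tag not in ev["tags"]:
            continue
        when = _parse_time(ev["time"])
        if start_dt and when < start_dt:
            continue
        if end_dt and when > end_dt:
            continue
        matched.append(ev)
    return matched


def events_to_csv(events):
    """Render events as CSV text with the Events table's columns."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(COLUMNS)
    for ev in events:
        writer.writerow([ev["rule"], severity_level(ev["score"]), ev["time"],
                         ev["sensor"], ev["src_ip"], ev["dst_ip"]])
    return buf.getvalue()


if __name__ == "__main__":
    # High-severity events seen by the web sensor, exported as a CSV report.
    print(events_to_csv(filter_events(SAMPLE_EVENTS, severity="High", sensor="sensor-web")))
```

Severity is recomputed from the numeric score at filter time rather than stored as a label, so the boundary cases (0, 3.9, 4, 6.9, 7) are decided in exactly one place; if the thresholds in the product ever change, only severity_level needs to be updated.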


4. Manage tags: This function lets you create a new tag, as well as choose and edit the default tags.

5. View rules


You can manage your alert rules from the Alert rule management page. The search bar allows you to filter by rule, severity, sensor, origin, and destination.

6. Alert documentation management: It is important to identify and document the alerts.


The screen shows three tabs: solution, categories, and description. Each tab has a search bar and an option to add a new solution, category, or description, respectively.