Alert View

Organizing, viewing and curating alerts is a vital part of the workflow for managing the security of cloud environments. Based on customer feedback, and to improve the overall experience, we redesigned the Alerts page to deliver the following:

  • Significantly faster page loading, even with thousands of open alerts.
  • Quick searching through alerts; for example, show all alerts that mention a particular user name, or all alerts with a specific command or argument(s).
  • Customized alert views; for example, every time I log into my account I want to see alerts from my database servers.

Note

The default view of the Alert Trends histogram is now seven days. Double-clicking the histogram will revert to displaying a date range covering one year.

(Screenshot: Alerts_page.png)

Important

If a rule that triggered an alert is deleted, a generic icon (Placeholder_icon.png) displays on the Alerts page instead of the icon associated with the triggered rule.

Features
  • Tabs as focus areas: We adopted the well-known concept of browser tabs as focus areas, with built-in default tabs and the ability for customers to create and save their own tabs. Each tab can be customized to match the originating rulesets and/or originating servers (EC2 tags).
  • Live alert loading: The Alerts page displays alerts as they come in; it does not delay the loading of alerts arriving in the Threat Stack Cloud Security Platform (CSP).
  • Search on alert titles: All tabs have a "Filter by Title" search field. Results appear as you type words into the search bar.

Alert Tabs

The following alert tabs are displayed on the Alerts page:

  • Sev 1: Displays a histogram and a list of the highest-severity alerts.
  • Sev 2: Displays a histogram and a list of the second-highest-severity alerts.
  • Sev 3: Displays a histogram and a list of the third-highest-severity alerts.
  • CloudTrail: It displays a histogram and a list of alerts related to CloudTrail events in your Amazon Web Services (AWS) environment. For more information, please review the Get Started with CloudTrail Alerting article.

    Note

    To view CloudTrail alerts, ensure you have enabled integration of your AWS environment within the Threat Stack CSP. For more information, please review the AWS Integrations Overview article.

  • All Active Alerts: Displays a histogram and a list of all active alerts.
  • Dismissed Alerts: Displays a histogram and a list of dismissed alerts.
    • Dismissing an alert removes it from view. If the behavior happens again, the alert re-appears.

Adding a New Alert Tab

You can customize the Alerts page by adding a new tab.

  1. Click the Add New Tab button.

    (Screenshot: AddNewTab.png)

    The + Add New Tab dialog displays.

    (Screenshot: AddNewTabDialog.png)

  2. After specifying a tab name and description, click the Add New Tab button.

    (Screenshot: AddNewTabButton.png)

    The newly added tab displays with its name and description.

    (Screenshot: CustomTabDisplays.png)

  3. Click the expand / collapse button to display the available filter options.

    (Screenshot: Custom_tab_expand_button.png)

  4. Within the filter pane, you can perform the following actions:
    • Delete the custom tab: Click the Delete Tab link to remove the custom tab from the Alerts page.
    • Save your filter options: Click the Save button to register your changes.

    For more information about modifying your filters, see Alert Filtering Options below.

    (Screenshot: Custom_tab_filter_pane.png)

  5. After making your changes, click the expand / collapse button to close the filter pane.

Viewing a Hidden Alert Tab

You can display hidden tabs on the Alerts page.

  1. Click the Hidden Tabs button.

    (Screenshot: HiddenTabButton.png)

    The Select a Tab dialog displays.

    (Screenshot: SelectATabDialog.png)

  2. Search or select the tab name to display. In this example, Dismissed Alerts was selected.

    The tab is now visible on the Alerts page. To hide the tab again, click the close icon (x) to remove it.

    (Screenshot: HideAlertButton.png)

Alert Filtering Options

You can filter your alerts for troubleshooting or investigative purposes. There are various filter categories to choose from on the Alerts page.

  1. Select an alert tab.
  2. Click the expand / collapse button to display the filter dialog.

    (Screenshot: ExpandCollapseButton.png)

    Some of the filter options are as follows:

    • Filter by Rule
    • Filter by Tags
    • Filter by Ruleset
    • Filter By Severity

      Note

      This filter option does not appear on the Severity 1 (Sev 1), Severity 2 (Sev 2) and Severity 3 (Sev 3) tabs.

    (Screenshot: FilterPaneExpanded.png)

  3. After making your selection, your filtered alerts are displayed.

    Note

    You can select multiple filter options from different categories. For example, you can select a rule from the Filter by Rule pane and a ruleset from the Filter by Ruleset pane.

  4. To remove your newly added filters, click the Clear all filters button.

    (Screenshot: ClearAllFiltersButton.png)
