Alert Navigation and Dismissal Reasons

The Alerts page in the Threat Stack Cloud Security Platform® (CSP) is your source for viewing, dismissing and suppressing alerts.

The Alerts page displays the following information:

  • Alert Trends over time in the form of a histogram
  • Alerts sorted by severity, type, active or dismissed
  • Alert information table including filter rule and ruleset details

Alerts Page Navigation

The following alert details are displayed on the Alerts page:

  1. Sev 1 - Clicking this tab displays a histogram and a list of Severity 1 alerts.
  2. Sev 2 - Clicking this tab displays a histogram and a list of Severity 2 alerts.
  3. Sev 3 - Clicking this tab displays a histogram and a list of Severity 3 alerts.
  4. CloudTrail - Clicking this tab displays a histogram and a list of CloudTrail alerts.
    • This tab will be visible if you have configured CloudTrail integration within your AWS account, and created a CloudTrail rule in the Threat Stack CSP.
    • For more information about setting up a CloudTrail integration, see AWS Integrations Overview.
  5. All Active Alerts - Clicking this tab displays a histogram and a list of all active alerts.
  6. Dismissed Alerts - Clicking this tab displays a histogram and a list of all dismissed alerts.
  7. Add New Tab - Clicking this button allows you to customize your Alerts page by adding a new tab.
  8. Expand / Collapse Arrow - Clicking this button displays the Filter / Dismiss pane.
  9. Alert Trends Histogram - Shows a graphical display of alerts triggered over a time frame. This can help you track abnormal spikes in alerts and review the behaviors that caused the events.
    • The default view of the histogram is seven days. Double-clicking the histogram will revert to displaying a date range covering one year.
  10. Filter by Title - All alert tabs display this search field, allowing you to search for specific alerts.
  11. Results Limit - By default, the Threat Stack CSP displays 20,000 alerts. You can adjust the slider to display up to 60,000 alerts. To display all alerts triggered in the past year, double-click the Alert Trends histogram.
  12. Alert View Options - By default, alerts display in Group View. Selecting List View displays individual alerts.
  13. List of Alerts - The Threat Stack CSP displays an alert table, listing information such as the alert title, date range of the triggered alert, and other relevant alert details.
    • The information displayed in the table will vary based on the alert view selected.

Dismiss an Alert

Dismissing an alert indicates you have reviewed and acknowledged a particular behavior, or a set of behaviors. From a compliance perspective, a record of dismissed alerts shows an auditor you reviewed and acknowledged particular behaviors.

When you dismiss an alert, it is removed from view. If the behavior happens again, the alert will reappear.

    1. Log in to Threat Stack.
    2. In the left navigation pane, click the Alerts tab. The Alerts page displays.


    3. Select an alert or multiple alerts for dismissal. In the right view pane, the Dismiss screen displays.
      • In this example, a Severity 2 alert was selected from the Sev 2 tab.

      Note

      Clicking an alert displays the contributing events that caused the alert. For more information, see Life Cycle of an Alert > Review an Alert.

    4. Select a reason to dismiss the alert. The available options are:
      • None
      • Required for Business Operations
      • Normal per Company Policy
      • Required Temporarily, for Testing and Maintenance
      • Other
        • Selecting this option displays a blank text box, allowing you to specify a reason for the dismissal.
    5. After making your selection, click the Dismiss [#] Alert button.


View Dismissed Alerts

Dismissed alerts display in the Dismissed Alerts tab. This tab may be hidden from view.

  1. Log in to Threat Stack.
  2. In the left navigation pane, click the Alerts tab. The Alerts page displays.


  3. If the Dismissed Alerts tab is hidden, click the Hidden Tabs button.

    The Select a Tab dialog displays.

  4. Click the Dismissed Alerts link to display the Dismissed Alerts tab in the navigation menu.
  5. Click the Dismissed Alerts tab to display a list of all dismissed alerts.

