Creating and Managing Security Alerts

Creating Security Alert Definitions

You can create an alert definition to monitor your data in real time, so that you can identify issues and attacks before they impact your network.

For example, if you are an administrator, you can define a condition such that if the number of firewall deny events crosses a predefined threshold in a given time frame for a specific device, you receive an e-mail alert.

To create a security alert definition:

  1. Select Monitor > Alerts & Alarms > Definitions/Notifications > Security Alerts Definitions.

    The Security alert definitions page appears.

  2. Click the create icon (+) or add icon (+).

    The Create an Alert Definition page appears.

  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK. If you want to discard the changes, click Cancel instead.

A new alert definition with the configured alert triggering condition is created. You can view the generated alerts from the alert definition to troubleshoot the issues with your system.

Table 1: Fields on the Security Alert Definitions Page

| Field | Description |
|---|---|
| General | |
| Alert Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 63 characters. |
| Alert Description | Enter a description for the alerts; maximum length is 1024 characters. |
| Alert Type | Displays the type of alert that is system-based. |
| Status | Select the Active check box to view only the active alerts. |
| Severity | Select the severity level of the alert: info, minor, major, critical. |
| Trigger | |
| Use Data Criteria from Filters | Specifies the data criteria from the list of default and user-created filters that are saved from the Event Viewer. To add saved filters: click the Use data criteria from filters link (the Add Saved Filters page appears), select the filters to be added, and click OK. |
| Add Data Criteria | Specifies the data criteria based on the Time Span period, Group By, and Filter By option. Filtered data only displays the subset of data that meets the criteria that you specify. |
| Recipient(s) | |
| E-mail Address(es) | Specify the e-mail addresses for the recipients of the alert notification. |
| Custom Message | Enter a custom string for identifying the type of alert in the alert notification e-mail. |
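
The firewall deny threshold condition described earlier, worked through as an added example (not Security Director code): it shows how Time Span, Group By, and Filter By criteria select and count events, and applies the Alert Name rule from Table 1. The AlertDefinition class, the evaluate function, the threshold field, the event field names, and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Alert Name rule from Table 1: alphanumerics, colons, periods, dashes,
# underscores; no spaces; at most 63 characters.
ALERT_NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")
SEVERITIES = ("info", "minor", "major", "critical")

@dataclass
class AlertDefinition:  # hypothetical model; fields mirror Table 1
    name: str
    severity: str
    filter_by: dict       # event fields that must match (Filter By)
    group_by: str         # field counted separately per value (Group By)
    time_span: timedelta  # sliding window length (Time Span)
    threshold: int        # assumption: fire when the count exceeds this

    def __post_init__(self):
        if not ALERT_NAME_RE.fullmatch(self.name):
            raise ValueError(f"invalid alert name: {self.name!r}")
        if self.severity not in SEVERITIES:
            raise ValueError(f"invalid severity: {self.severity!r}")

def evaluate(defn, events):
    """Return (time, group, count) each time a group's count crosses the threshold."""
    windows, firing, alerts = defaultdict(deque), set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if any(ev.get(k) != v for k, v in defn.filter_by.items()):
            continue
        key, win = ev[defn.group_by], windows[ev[defn.group_by]]
        win.append(ev["time"])
        while win[0] <= ev["time"] - defn.time_span:  # drop events outside the span
            win.popleft()
        if len(win) <= defn.threshold:
            firing.discard(key)  # back under the threshold: re-arm
        elif key not in firing:
            firing.add(key)      # alert once per crossing, not once per event
            alerts.append((ev["time"], key, len(win)))
    return alerts

# Constructed sample events; device names and event labels are made up.
T0 = datetime(2024, 1, 1, 12, 0, 0)
EVENTS = (
    [{"time": T0 + timedelta(seconds=10 * i), "device": "fw-edge-1", "event": "firewall-deny"} for i in range(6)]
    + [{"time": T0 + timedelta(seconds=20), "device": "fw-edge-1", "event": "firewall-permit"}]
    + [{"time": T0 + timedelta(minutes=3 * i), "device": "fw-core-2", "event": "firewall-deny"} for i in range(6)]
)
DEFN = AlertDefinition("fw-deny-burst", "major", {"event": "firewall-deny"}, "device", timedelta(minutes=1), 4)
```

Alerting once per crossing rather than once per event keeps a sustained burst from producing a notification for every additional deny event.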

Editing, Cloning, and Deleting Security Alert Definitions

You can edit, clone, and delete security alert definitions.

Editing Security Alert Definitions

To edit the security alert definition:

  1. Select Monitor > Alerts & Alarms > Definitions/Notifications > Security Alerts Definitions.

    The Security Alerts Definition page appears.

  2. Select the check box of the security alert definition that you want to modify, and click the edit icon.

    The Edit Alert Definition page appears. The options available on the Create Alert Definition page are available for editing.

  3. Update the configuration as needed.
  4. Click OK to save the changes. If you want to discard your changes, click Cancel instead.

Cloning Security Alert Definitions

You can clone an alert definition when you want to quickly create a copy of it and modify its parameters, including the name of the alert.

To clone an alert definition:

  1. Select Monitor > Alerts & Alarms > Definitions/Notifications > Security Alerts Definitions.

    The Security Alert Definitions page appears.

  2. Select the alert definition that you want to clone, and click More > Clone at the top right corner of the page.

    The Clone Alert Definition page appears. The options available on the Create Alert Definition page are available for editing.

  3. Click OK to save the configuration.

    A new alert definition is created.

Deleting Security Alert Definitions

You can click the delete icon (X) to delete one or more alert definitions.

To delete the alert definition:

  1. Select Monitor > Alerts & Alarms > Definitions/Notifications > Security Alerts Definitions.

    The Security Alerts Definition page appears.

  2. Select the alert definition that you want to delete and click the delete icon (X icon).

    The Confirm Delete page appears.

  3. Click Yes to delete the alert definition or No to cancel the deletion.

    If you click Yes, then the alert definition is deleted from the main page.