Alerts and Alarms Overview
Alerts and notifications are used to notify administrators about significant events within the system. Notifications can also be sent through e-mail. You are notified when a predefined network traffic condition is met. An alert is triggered when the number of network traffic events crosses a predefined threshold within a period of time. The Alarms workspace shows the active alarms of devices currently managed by Security Director.
Alerts and notifications provide options for:
Defining alert criteria based on a set of predefined filters. You can use the filters defined in the Filter Management window on the Event Viewer page to generate alerts.
Generating an alert message and notifying you when the alert criteria are met.
Searching for specific alerts on the Generated Alerts page based on alert ID, description, alert definition, alert type, or recipient e-mail address.
Supporting event-based alerts.
For example, if you are an administrator, you can define a condition such that if the number of firewall-deny events crosses a predefined threshold in a given time range for a specific device, you receive an e-mail alert.
If a threshold is crossed and remains so for a long duration, new alerts are not generated. Alerts are generated again when the number of logs matching the alert criteria drops below the threshold and crosses the threshold again.
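The suppression behavior described above, modeled as an added example (this is not Security Director code): a sliding-window counter that alerts once when firewall-deny events reach the threshold and re-arms only after the count drops below it. The event fields, the threshold of 3, the 60-second window, and treating "crossed" as "count at or above the threshold" are assumptions.

```python
from collections import defaultdict, deque

class ThresholdAlert:
    """Edge-triggered alert: fires when matching events inside a sliding
    window reach the threshold, then stays silent until the count has
    dropped below the threshold and crossed it again."""

    def __init__(self, threshold, window_seconds):
        self.threshold = threshold
        self.window = window_seconds
        self.seen = defaultdict(deque)           # device -> event timestamps
        self.armed = defaultdict(lambda: True)   # device -> may alert?

    def observe(self, device, ts, matches):
        """Feed one log event; return True if it generates an alert."""
        q = self.seen[device]
        while q and q[0] <= ts - self.window:    # expire events outside window
            q.popleft()
        if len(q) < self.threshold:              # dropped below: re-arm
            self.armed[device] = True
        if matches:
            q.append(ts)
        if len(q) >= self.threshold and self.armed[device]:
            self.armed[device] = False           # suppress while sustained
            return True
        return False

# Constructed sample events: (seconds, device, action). Not real log data.
SAMPLE_EVENTS = [
    (0, "fw-01", "deny"), (5, "fw-02", "deny"), (10, "fw-01", "deny"),
    (15, "fw-02", "deny"), (20, "fw-01", "deny"), (25, "fw-01", "permit"),
    (30, "fw-01", "deny"), (40, "fw-01", "deny"), (50, "fw-01", "deny"),
    (200, "fw-01", "deny"), (205, "fw-01", "deny"), (210, "fw-01", "deny"),
]

def run(events, threshold=3, window_seconds=60):
    """Return (device, timestamp) for every alert the events generate."""
    detector = ThresholdAlert(threshold, window_seconds)
    return [(dev, ts) for ts, dev, action in events
            if detector.observe(dev, ts, action == "deny")]

if __name__ == "__main__":
    for dev, ts in run(SAMPLE_EVENTS):
        print(f"alert: firewall-deny threshold crossed on {dev} at t={ts}s")
```

In the sample, fw-01 alerts at t=20, stays silent through the sustained burst up to t=50, and alerts again at t=210 only because the window emptied in between; fw-02 never reaches the threshold.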
Understanding Role-Based Access Control for Alerts and Alert Definitions
You must have the Security Analyst or Security Architect role, or permissions equivalent to that role, to access alerts and alert definitions.
You must have the following privileges under Administration > Users & Roles > Roles:
Create Alert Definition under Create Role > Privileges > Alerts > Alert Definitions to create alerts.
Modify Alert Definition to modify alerts.
Delete Alert Definition to delete alerts.
User account under Role Based Access Control to search for user accounts in alert definitions.