...
To monitor alert definitions, you can use the data search to access the devo.audit.alert.definition data table. All alert definitions are registered in this table upon creation, as well as any subsequent changes they undergo.
...
Alert notification method | ||
|---|---|---|
Policy based: if you select this option, the notification procedure will be based on existing sending policies. | No notification: if you select this option, no user will be notified when an alert is triggered. This simply means that the alert will not be notified, not that it is not triggered or registered (they will be listed in the Alerts History area and the siem.logtrust.alert.info table). | Default method: if you select this option, only the default sending policy will be used for the notification procedure. This is the default option when you create an alert. |
Assigned policies | ||
If you select the policy-based option, you must check one or more checkboxes corresponding to the sending policies you want to assign. | ||
...