Navigate triggered alerts
What permissions do I need?
To access the Alerts overview area and navigate the alert list, you need at least the View level of the Triggered alerts permission (see a detailed description of the alerts permissions here).
Additionally, you need to have alerts assigned with at least View access (see Assign resources to a role).
Navigating triggered alerts
The alert list is paginated so you can easily navigate and see the alerts you’re interested in. Simply use the controls at the top right of the list to show alerts (or alert groups) accordingly. These controls are always visible while you scroll up and down, allowing you to navigate at any moment.
Items: you can see the total number of alerts triggered for the selected period.
Items per page: choose the number of alerts shown on each page with the drop-down.
Page navigation: navigate using the backward and forward arrows or use the field to enter a specific page.
Display density: choose one of the three options to set the height of the rows: comfortable, default, and compact.
Name: This column shows the alert name.
ID: A unique identification number is assigned to each alert. By selecting it you will be able to review the alert details and available actions.
Status: Select any of the 5 statuses on the scale (from “Unread” to “Closed”) to address your alerts.
When: Alert triggering date.
Priority: Establish the alert priority (from “Low” to “Very high”) to neutralize top-priority threats.
Source table: Data source origin.
Entity attributes: Specific characteristics or properties detected for that alert, used to make access control or security decisions.
Source / Destination icons: The “ascending” icon indicates that the attribute value comes from the source, while the “descending” icon indicates that the attribute value comes from the destination.
Number of attributes: The “+ number” icon appears next to the attribute when the alert has more than one attribute assigned; double-clicking it shows the complete attribute list.
Note that when this column is empty you may need to add the entity attributes manually by:
Editing the alert definition:
Detect entity attribute mapping problems.
Grouping operations may block attribute mapping.
Even if you edit the query, alerts triggered before 2025/02/04 will not have entity attributes assigned.
Summary: Defined at alert creation.
Category - Subcategory: Assigned at alert creation.
Trace status: Allows Deeptrace users to relate attack traces and investigations to triggered alerts.
Selecting visible columns
The alert list can be customized to display only those columns you’re interested in. Click the ellipsis menu next to the navigation controls and select Column visibility. Then, uncheck the boxes of the columns you want to hide and they will be instantly hidden.
In the same menu, you can also change the order of the columns on the list by dragging the names to the desired position. As with hiding columns, the changes are instantly reflected on the alert list.
The column visibility feature is compatible with column sorting. Clicking the arrows at the top of a column sorts the list by that column in ascending order; clicking them again sorts it in descending order, and clicking a third time restores the default sorting.
Resetting column visibility
If you want to restore the default column visibility, you can do so by deleting the cache and cookies in your web browser.