
Create Future Alert Dialog

Tags: Documentation

In the Create Future Alert dialog, Administrators and Analysts can create an application rule from the Investigate > Events page for any suspicious activity. You can create rules with a flexible query that covers a wide set of events and system information from your network, including suspected breach activities and misconfigured servers. Once the rule is applied to a matched policy with services (Decoders), it generates alerts whenever a match occurs and helps analysts with further investigation.

To access this dialog, while investigating a service in the Investigate > Events view, add a query in the query search bar, then click the three-dots icon in the toolbar and select Create Future Alert.

IMPORTANT: The Create Alert option will be enabled for users only if the Decoder services are managed by Policy-based Centralized Content Management and the user has the investigate-server.alert.manage permission enabled.

Note: An administrator must enable the investigate-server.alert.manage and source-server.centralpolicy.manage permissions on the source server and the rules.manage permission on the core devices to allow analysts to create application rules.
For more information, see the "Role Permissions" topic in the System Security and User Management Guide.

Quick Look - Create Future Alert Dialog

This is an example of the Create Future Alert Dialog.

[Screenshot: Create Future Alert dialog]

The following table describes the fields in the Create Future Alert view.