
Create or Modify Alert Panel

The Create or Modify Alert panel is part of the Alert List view. Use it to create an alert or modify an existing one as required.

Workflow

netwitness_alert_view_workflow_latest.png

What do you want to do?

*You can complete these tasks here.

Related Topics

Alerting Overview

Quick View

The following figure is an example with the important features labeled.

125_Reporting_Decoders1_0524.png

125_Reporting_Decoders_0524.png

Note: The 'Push to decoders' option has been removed from NetWitness 12.5. The existing App Rules will remain unchanged. To enable the new App Rules, you can add them manually from Decoder > Config > App Rules (+) through Services in the legacy view. Also, you can deploy App Rules from the CCM page to these decoders if CCM is enabled.

The Create or Modify Alert panel has the following sections:

  • Alert Definition
  • Alert Description
  • Alert Notification

Alert Definition

The following table describes the fields in the Alert Definition:

Alert Description

The following table describes the fields in the Alert Description:

Alert Notification

The Alert Notification allows you to define the notification action NetWitness takes when an alert is generated, for example, recording or sending the alert using one of the defined output actions. The output actions are Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), or Syslog message.

The Notification section contains the default Record tab, which you use to create an alert. The icon beside the Record tab opens a drop-down list from which you select the notification type for the alert's output: SMTP, SNMP, or Syslog.

Depending on the selected notification type, the Notification section is populated with predefined text. This text contains variables that add the meta appropriate for the alert. The Reporting Engine replaces these variables with actual values. The following table lists the variables and their descriptions.

The Alert Notification view has four tabs:

Record Tab

Use the Record tab to define how frequently an alert is recorded and the message to produce when the alert is generated.

netwitness_alert_record_pane.png

The following table lists the fields in the Record tab and their descriptions.

SMTP Tab

The SMTP tab allows you to define the SMTP (email) output for this alert.

netwitness_alert_smtp_pane.png

The following table lists the fields in the SMTP tab and their descriptions.

SNMP Tab

The SNMP tab allows you to define the SNMP output for the alert.

netwitness_alert_snmp_pane.png

The following table lists the fields in the SNMP tab and their descriptions.

Syslog Tab

The Syslog tab allows you to define the Syslog message output for this alert.

netwitness_alert_syslog_pane.png

Click the add icon (netwitness_add.png) to add a Syslog configuration to an alert. The New Syslog Configuration dialog box is displayed:

netwitness_new_syslog_config.png

The following table describes the fields in the New Syslog Configuration dialog: