Skip to content
  • There are no suggestions because the search field is empty.

View Alerts View

View Alerts View

In the View Alerts view, you can view all the alerts. Also, you can also customize the view to show alerts for a specific period of time, and set the maximum number of alerts displayed in a single page.

Workflow

netwitness_view_an_alert_workflow.png

What do you want to do?


  • Role:

    Administrator/ Analyst

  • I want to...:

    Configure an alert

  • Documentation:

    Configure an Alert


  • Role:

    Administrator/ Analyst

  • I want to...: Schedule an alert
  • Documentation: Schedule an Alert

  • Role:

    Administrator/ Analyst

  • I want to...:

    View an alert*

  • Documentation:

    View an Alert


  • Role: Administrator/ Analyst
  • I want to...: Investigate an alert
  • Documentation: Investigate an Alert


*You can complete these tasks here.

Related Topics

Alerting Overview

Quick View

The following figure is an example with the important features labeled.

122_view_alerts_1222.png

netwitness_110_view_alerts_tabbd_817x459.png

  • Column 1: 1
  • Column 2: Click Alerts to open the Alert view.

  • Column 1: 2
  • Column 2:

    Click View Alerts to view the different panels on View Alerts.


  • Column 1: 3
  • Column 2: The View Alerts toolbar allows you to filter alerts based on a count, or the start and end date of the alerts.

  • Column 1: 4
  • Column 2: The View Alerts List lists all the filtered alerts in a tabular format.

The View Alerts view has the following panels:

  • View Alerts Toolbar
  • View Alerts List

View Alerts Toolbar

The following table lists the operations in View Alerts toolbar panel.

  • Option:

    Last Hour(s) data

  • Description:

    The data fetched from the previous execution.


  • Option:

    Max No Of Alerts

  • Description:

    The maximum number of alerts that you want to fetch from the Reporting Engine service for a specific time-range.


View Alerts List

The following table lists the columns in the View Alerts List panel.

  • Column: netwitness_investigation_icon.png
  • Description:

    The icon that opens the Investigation module, where the details of the first session that registered the match for the given alert is displayed for immediate analysis.

    Note: You are not redirected to the Investigation module when:
    -You reconfigure a data source for an existing alert and run an alert on the new data source.
    -You enter a host name instead of an IP address in the data source field.


  • Column: Name
  • Description: The name of the alert that registered the match. The hyperlink on the name opens the Investigation module to view all matches for that particular alert for the hour surrounding the registered alert.

  • Column: Number of hits
  • Description: The number of times the alert is generated.

  • Column: Detected
  • Description: The date and time at which the alert generates.

  • Column: Message
  • Description: The alert message.

  • Column 1:
  • Column 2: