The Issued Alerts page is used for viewing information on the alerts sent by the Security Analytics Engine. If multiple, identical alerts for the same risk policy occur within a 5-minute period, the Security Analytics Engine only displays (and sends) a single alert.
IMPORTANT: In order to receive email alerts, SMTP must be set up for the Security Analytics Engine site via IIS. If nothing has been configured, the Security Analytics Engine attempts to connect to any local SMTP server on the standard SMTP port. If the Security Analytics Engine fails to connect, alerts will not be sent.
NOTE: Issued alerts follow the same retention settings as audit events.
The Issued Alerts page is displayed when Issued Alerts is clicked on the Reports page or in the left pane (the page link is available after using the expand properties button to the left of Reports). The Issued Alerts page displays a list of the alerts sent by the Security Analytics Engine. These results are filtered using the options located at the top of the page.
The following are the filtering options at the top of the page:
NOTE: Refreshing the screen returns the Issued Alerts page to its default settings.
This field specifies the date to start searching for alerts. By default, this is the current date. Click anywhere in the field to display a calendar from which to select a date to start searching for alerts. You can also manually edit the date in the field (mm/dd/yyyy).
This field specifies a date to stop searching for alerts. By default, this is the current date. Click anywhere in the field to display a calendar from which to select a date to stop searching for alerts. You can also manually edit the date in the field (mm/dd/yyyy).
This drop-down list displays the currently configured applications. Select to display issued alert information for all applications or a specific application. By default, issued alerts for all applications are displayed.
This field is used for setting the maximum number of records (1 to 10000) to return for the search. By default, this is 1000 records.
The Search button updates the Issued Alerts table located beneath the filtering options.
For more information on using these filtering options, see To filter issued alerts. For information on filtering individual columns, see To filter data.
The following information is displayed for each alert in the Issued Alerts table. By default, the issued alerts for the current date are displayed.
This column displays the date and time the alert was issued.
This column displays the name of the application.
This column displays the name of the requested resource. It appears blank when an attribute specifying the resource is not returned by the application.
This column displays the message associated with the issued alerts. It includes the email address to which the alert was sent and the score which caused the alert to be sent.
NOTE: The scores shown for issued alerts are based on the configuration of the policy sending the alert. This means that the scores will not always be the same as the risk score from the evaluation of the access attempt.
This column displays the risk policy that was evaluated.
This column displays the name of the user who accessed, or attempted to access, an application protected by the Security Analytics Engine.
This column displays the email address to which the alert was sent.
This column displays the status of the alert.