Alerts are created when a sequence of events is received that triggers a correlation rule. You can find more information about alerts in this section.
In the Alerts section of the KUMA web interface, you can view and process the alerts registered by the program. Alerts can be filtered. When you click the alert name, a window with its details opens.
The alert date format depends on the localization language selected in the application settings. Possible date format options:
Alert life cycle
Below is the life cycle of an alert:
Alerts with the New status continue to be updated with data when correlation rules are triggered. If the alert status changes, the alert is no longer updated with new events, and if the correlation rule is triggered again, a new alert is created.
Alert overflow
Each alert and its related events cannot exceed the size of 16 MB. When this limit is reached:
Overflowed alerts should be handled as soon as possible, because new events are no longer added to an alert once it has overflowed. To view all events that could have been linked to the alert after the overflow, click the All possible related events link.
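To make the New-status update rule and the 16 MB overflow rule concrete, here is an added Python model of the behaviour described above; it is not KUMA code, and the one-open-alert-per-correlation-rule policy, the per-event sizes and the status name used in the scenario are assumptions.

```python
from dataclasses import dataclass, field

# Constructed model of the documented alert behaviour; not KUMA's implementation.
ALERT_SIZE_LIMIT = 16 * 1024 * 1024  # an alert plus its related events may not exceed 16 MB


@dataclass
class Alert:
    rule: str
    status: str = "New"          # only alerts in New status keep receiving events
    size: int = 0                # bytes accumulated so far
    events: list = field(default_factory=list)
    overflowed: bool = False
    dropped_events: int = 0      # events that could have been linked after the overflow


class AlertStore:
    """Assumed simplification: at most one alert in New status per correlation rule."""

    def __init__(self):
        self.alerts = []

    def open_alert(self, rule):
        for alert in self.alerts:
            if alert.rule == rule and alert.status == "New":
                return alert
        return None

    def on_correlation(self, rule, event, size):
        """Called each time a correlation rule triggers; returns the alert touched."""
        alert = self.open_alert(rule)
        if alert is None:
            # No alert in New status for this rule (none yet, or its status changed):
            # the trigger creates a new alert instead of updating the old one.
            alert = Alert(rule=rule)
            self.alerts.append(alert)
        if alert.overflowed or alert.size + size > ALERT_SIZE_LIMIT:
            # Overflow: the event is not added, but is counted as "possibly related"
            alert.overflowed = True
            alert.dropped_events += 1
            return alert
        alert.events.append(event)
        alert.size += size
        return alert

    def set_status(self, alert, status):
        # Any status other than New freezes the alert; later triggers open a new one
        alert.status = status
```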
Alert segmentation
Using the segmentation rules, a stream of correlation events of the same type can be split into several alerts instead of one.