Users with the Security officer role cannot perform bulk operations on alerts. Users with the Security auditor role cannot assign and process alerts.
To close one or more alerts:
This opens the table of alerts.
You can select all alerts by selecting the check box in the table header.
This opens the action confirmation window.
You can also leave a comment that will be displayed in the alert change history.
The selected alerts are closed. If the alerts were assigned to other users, they are marked as closed by you.
You can view all closed alerts by filtering alerts based on the status of their processing by the user or by using the Show closed alerts toggle switch.
If an alert based on a scan using the TAA (IOA), IDS, or URL technology that is similar to a processed alert is received within the day (from 00:00 a.m. to 11:59 p.m.), the application either creates a new alert or updates the information in the identical alert with the New or In process status.
When you close an NDR alert, the aggregate event and nested NDR events associated with the alert are marked as resolved, and other alerts associated with these events are also closed. If a closed NDR alert is reopened, the associated closed NDR event is not reopened.
Page top