Kaspersky Unified Monitoring and Analysis Platform

Configuring alerts table

April 8, 2024

ID 217769

The main part of the Alerts section shows a table containing information about registered alerts.

The following columns are displayed in the alerts table:

  • Priority—shows the importance of a possible security threat: Critical, High, Medium, or Low.
  • Name—alert name.

    If the Overflowed tag is displayed next to the alert name, the alert size has reached or is about to reach the limit, and the alert should be processed as soon as possible.

  • Status—current status of an alert:
    • New—a new alert that hasn't been processed yet.
    • Assigned—the alert has been processed and assigned to a security officer for investigation or response.
    • Closed—the alert was closed. Either it was a false alert, or the security threat was eliminated.
    • Escalated—an incident was generated based on this alert.
  • Assigned to—the name of the security officer the alert was assigned to for investigation or response.
  • Incident—name of the incident to which this alert is linked.
  • First seen—the date and time when the first correlation event of the event sequence was created; this event triggered creation of the alert.
  • Last seen—the date and time when the most recent correlation event of the event sequence was created; this event last updated the alert.
  • Categories—categories of alert-related assets with the highest severity. No more than three categories are displayed.
  • Tenant—the name of the tenant that owns the alert.
  • CII—indicates whether the assets related to the alert are CII objects. The column is hidden from users who do not have access to CII objects.

You can view the alert filtering tools by clicking the column headers. When filtering alerts based on a specific parameter, the corresponding header of the alerts table is highlighted in yellow.

Click the gear button to configure the displayed columns of the alerts table.

In the Search field, you can enter a regular expression for searching alerts based on their related assets, users, tenants, and correlation rules. Parameters that can be used for a search:

  • Assets: name, FQDN, IP address.
  • Active Directory accounts: attributes displayName, SAMAccountName, and UserPrincipalName.
  • Correlation rules: name.
  • KUMA users who were assigned alerts: name, login, email address.
  • Tenants: name.
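Because the Search field takes a regular expression rather than a literal string, an unescaped IP address such as 10.0.0.1 also matches 10.0.0.12 (the dots are wildcards and the match is a substring match). The following added example, which is not KUMA code and models only the search fields listed above over constructed sample alerts, shows how such a search behaves and how to anchor and escape the pattern to get an exact match:

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample data modelled on the fields the Search field covers.
# Added illustration only; not KUMA's own code, API, or data model.

@dataclass
class Asset:
    name: str
    fqdn: str
    ip: str

@dataclass
class Account:          # Active Directory account attributes
    displayName: str
    SAMAccountName: str
    UserPrincipalName: str

@dataclass
class User:             # KUMA user an alert was assigned to
    name: str
    login: str
    email: str

@dataclass
class Alert:
    name: str
    tenant: str
    correlation_rule: str
    assets: List[Asset] = field(default_factory=list)
    accounts: List[Account] = field(default_factory=list)
    assigned_to: Optional[User] = None

    def searchable_values(self):
        """Yield every string the documented search parameters cover.
        Note that the alert name itself is not among them."""
        for a in self.assets:
            yield from (a.name, a.fqdn, a.ip)
        for acc in self.accounts:
            yield from (acc.displayName, acc.SAMAccountName, acc.UserPrincipalName)
        yield self.correlation_rule
        if self.assigned_to:
            yield from (self.assigned_to.name, self.assigned_to.login, self.assigned_to.email)
        yield self.tenant


def search_alerts(alerts, pattern):
    """Return alerts for which the regex matches any searchable value.
    re.search is used deliberately: an unanchored pattern matches substrings."""
    rx = re.compile(pattern)
    return [al for al in alerts if any(rx.search(v) for v in al.searchable_values())]


SAMPLE_ALERTS = [
    Alert("ALERT-1", "Main", "Suspicious logon",
          assets=[Asset("dc01", "dc01.corp.example", "10.0.0.1")],
          accounts=[Account("Alice Smith", "asmith", "asmith@corp.example")],
          assigned_to=User("Bob Jones", "b.jones", "b.jones@soc.example")),
    Alert("ALERT-2", "Main", "Web shell upload",
          assets=[Asset("web01", "web01.corp.example", "10.0.0.12")]),
    Alert("ALERT-3", "Lab", "Port scan",
          assets=[Asset("lab-01", "lab-01.lab.example", "192.168.0.1")]),
]


def names(alerts):
    return [al.name for al in alerts]


if __name__ == "__main__":
    # Naive IP search: dots are wildcards and 10.0.0.1 is a prefix of 10.0.0.12.
    print(names(search_alerts(SAMPLE_ALERTS, "10.0.0.1")))        # ALERT-1 and ALERT-2
    # Escaped and anchored: only the exact address matches.
    print(names(search_alerts(SAMPLE_ALERTS, r"^10\.0\.0\.1$")))  # ALERT-1 only
    # Domain suffix on the asset FQDN.
    print(names(search_alerts(SAMPLE_ALERTS, r"corp\.example$")))
    # Assigned KUMA user by login.
    print(names(search_alerts(SAMPLE_ALERTS, r"b\.jones")))
    # Tenant name, anchored.
    print(names(search_alerts(SAMPLE_ALERTS, r"^Lab$")))
```

The practical rule this illustrates: escape dots in IP addresses and FQDNs and anchor the pattern with `^` and `$` when you need one specific host, tenant, or login rather than everything that contains the text.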
