Kaspersky Anti Targeted Attack Platform

Marking the completion of single alert processing

Users with the Security auditor role cannot assign and process alerts.

To close an individual alert in the table of alerts:

  1. Select the Alerts section in the window of the application web interface.

    This opens the table of alerts.

  2. In the State column of the alert that you want to close, click the status of the alert.
  3. In the list of actions, select Close alert.

The alert is closed.

To close an alert while managing the alert:

  1. Select the Alerts section in the window of the application web interface.

    This opens the table of alerts.

  2. Open the alert that you want to close.
  3. In the upper-right corner of the window, click Close alert.

The alert is closed. If the alert was assigned to a different user, it is marked as processed by you.

You can view all alerts that have been processed by a specific user by filtering alerts based on the status of their processing by the user or by using the Show closed alerts toggle switch.

If an alert based on a scan using the TAA (IOA), IDS, or URL technology is received within the day (from 00:00 a.m. to 11:59 p.m.) and is similar to a processed alert, the application either creates a new alert or updates the information in the identical alert with the New or In process status.

When you close an NDR alert, the aggregate event and nested NDR events associated with the alert are marked as resolved, and other alerts associated with these events are also closed. If a closed NDR alert is reopened, the associated closed NDR event is not reopened.