Manage alerts
The Alerts page provides a summary of all triggered security alerts, categorized by status and severity. Use this page to monitor potential issues and track their status.
The alerts are divided into the following categories:
- Active: Displays alerts that are currently open and require your attention.
- Muted: Shows alerts that have been temporarily silenced.
- Cleared: Presents alerts that have been resolved or acknowledged.
Alert severity summary
This section provides a quick count of active alerts by their severity level:
- Critical: Number of critical alerts that are currently active.
- High: Number of high-severity alerts.
- Medium: Number of medium-severity alerts.
- Low: Number of informational alerts.
Alerts table
This table lists individual alerts with detailed information:
- Alert Type: Describes the nature of the alert (e.g., "Login From Prohibited Location", "Changed Login Location", or "Login Outside Of Working Hours").
- Trigger: Indicates the specific event or condition that caused the alert.
- Instances: Shows the number of times this specific alert trigger has occurred.
- Category: Groups the alert by its type (e.g., "User Activity").
- Last Detected: Displays the timestamp of the most recent occurrence of the alert.
- Severity: Indicates the impact level of the alert (e.g., "Medium").
To view detailed information about an alert, click the field in the Trigger column, then the corresponding number in the Occurrences column.
Address alerts
After reviewing the alerts table, you can identify which alerts require action. Some alerts may result from legitimate activities, such as a user logging in from a new country due to business travel, triggering a "Changed Login Location" alert. However, similar alerts could stem from genuine security threats as well. Investigate the cause of each alert to determine the appropriate response.
You can take the following actions on alerts and the users who triggered the alerts:
- Mute: Temporarily silences notifications and moves the alert and any future alerts to the Muted category. Muted alerts can be unmuted later, returning them to the Active category.
- Clear: Marks the alert as resolved and moves it to the Cleared category.
- Block: Blocks users from accessing remote sessions if their activity is deemed suspicious.
Follow these steps to manage alerts.
On the Alerts page, identify the alert you want to address by reviewing the Alert Type column (e.g., "Login From Prohibited Location").
Click the value in the Trigger column (e.g., "India") corresponding to the selected alert. Note that the Trigger value (e.g., a country or location) is dynamic and depends on the alert context.
In the Active Instances section, choose an action:
For Login From Prohibited Location:
- To mute alerts, select the users from the list and click Mute. The alerts triggered by the selected users will move to the Muted category, and no further email notifications will be sent.
- To clear alerts, select the users from the list and click Clear. The alerts triggered by the selected users will move to the Cleared category.
For Login Outside of Working Hours:
- To mute alerts, click Mute this user. The alerts triggered by the selected users will move to the Muted category, and no further email notifications will be sent.
- To clear alerts, select the alert rules from the list and click Clear. The alerts triggered by the selected rules will move to the Cleared category.
For Changed Login Location:
- To mute alerts, click Mute this user. The alerts triggered by the selected users will move to the Muted category, and no further email notifications will be sent.
- To clear alerts, select the location in the New Location column and click Clear. The alerts triggered by the selected locations will move to the Cleared category.
To block a user, do these steps in the Active Instances section:
- a. Click the number in the Occurrences column.
- b. (Optional) Click View user details to view more details about this user.
- c. In the Occurrence Details dialog box, click Block user.