Managing Alerts

Security Requirements and Controls

The main Alerts page shows a list of the currently configured alerts for the selected repository or view. From this page you can search the configured alerts and manage them.

Figure 180. Alerts Overview


From within this page and the list of configured alerts, you can perform the following actions:

  • To search existing alerts by name or label, use the Find alert... box.

  • To create a new alert, click the + New alert button. For more information, see Creating Alerts.

  • The Filter alerts and Standard alerts buttons enable you to quickly filter the list by alert type.

  • To edit an alert, click the alert name in the list. For more information, see Editing an Alert.

  • To manage an alert, click the menu icon next to the alert name.

    Figure 181. Managing Alerts


    From this pop-up you can:

For more detail on monitoring alert execution and on the list of alerts on this page, see Monitoring Alerts.

Reusing an Alert

Over time you will accumulate many alerts that are similar, with only slight differences in their underlying queries. To make it easier to create an alert that is similar to an existing one, you can duplicate it and then modify the copy.

To duplicate an alert:

  1. Go to the Automation tab to see the full list of alerts saved in that repository.

  2. Click the menu icon to the right of an alert and choose Duplicate.

  3. Fill in the information as required in the New alert page, then click Create alert.

You can also export an alert to use elsewhere. To reuse an alert from another repository:

  1. Go to the Automation tab to see the full list of alerts saved for that repository.

  2. Click the menu icon to the right of an alert and choose Export as Template. This generates a YAML file that your browser will download.

    Tip

    You can export all of your alerts and keep a version history of changes by storing them on GitHub or elsewhere as a backup, and install them to your repositories from there.

  3. If needed, edit this file with a simple text editor before using it later.

  4. When creating a new alert, choose From template and select the previously saved YAML file.

Editing Alerts

To edit an existing alert:

  1. Go to the Automation tab to see the full list of alerts saved in that repository.

  2. Click on the name of the alert you want to edit.

  3. Change the properties in the Edit standard alert or Edit filter alert page.

    The alert type cannot be modified after the query has been created. To create an alert of a different type with the same query (provided the query is compatible), create a new alert and copy the query and actions.

  4. When editing an existing alert, the alert query can be edited from within the Search interface, by clicking the Advanced edit button.

    Figure 182. Alert Advanced Edit


    This will open the full Search environment, allowing you to select fields and refine your query.

    Figure 183. Alert Query Editing


  5. Click Discard changes to cancel any edits you have made, or click Save... to save the query. When you click Save... you will be prompted to complete the remainder of the fields on the Alert using the same fields as in the main editing page.

    Figure 184. Save Edited Alert


  6. When you've finished editing the alert, click Save alert on the bottom right. You will return to the page for Managing Alerts.

Disabling an Alert

There may be times when you want to disable an alert. You might do this, for instance, if you've received a notification of an alert and need time to resolve the problem. You might want to disable the alert until then, so that it won't bother you while you're working on it. You can re-enable it when you're finished.

The quicker way to do that is from the alert's overview page, where you select Disable or Enable from the options menu. Alternatively:

  1. Go to the Alerts tab and select the alert to disable, which will open the alert in edit mode.

  2. Uncheck the Alert Enabled check box in the General section. To re-enable a disabled alert, check the box again.

Deleting an Alert

  1. Go to the Automation tab to see the full list of alerts saved in that repository.

  2. Open the menu shown in Reusing an Alert and click Delete.

  3. Confirm that you want to delete the alert.

    Warning

    The Delete action cannot be undone and you cannot restore an alert.