Editing an Alert
Security Requirements and Controls
Change triggers and actionspermission
Existing alerts can be edited or modified, but there are some differences and limitations. See Figure 188, “Editing a Standard Alert”.
An example of editing a filter alert can be seen in Editing a Filter Alert
 |
Figure 187. Editing a Filter Alert
 |
Figure 188. Editing a Standard Alert
Alert Notification
If an error has occurred when executing the alert, the top of the page will contain the error message with additional detail on the issue:
The Edit alert page is slightly different
from the Creating Alerts page.
Alert status
The alert status is shown, including the current alert type. The display will also show the last time the alert was successfully triggered.
Cannot be modified
You cannot modify the filter type, i.e. you cannot switch between Standard and Filter alerts.
To recreate an alert as a different type, you will need to copy the query to a new alert.
Can be modified
The alert name, description and labels can be modified.
The alert can be enabled or disabled.
The query can be altered. If the query is modified, then the existing query for the alert will be terminated before the new query is executed.
The list of actions triggered when the query matches can also be altered. Any actions being executed when the alert is updated will be completed, and the new list of configured actions will be triggered when the alert triggers again.
Saving the alert will create, and if necessary restart, the alert query.