
Alert data

Alert rule data

Alert rule data is described below:

Data Description

Logs

(only in a table) Number of notifications received that match the rule.

Enabled

Enables or disables the alert rule.

Event

Type of event that triggers the alert:

  • Evidence: triggers the rule when evidence that meets the criteria below arrives.
  • Synchronization: triggers the rule when the agent indicated below runs synchronization.
  • Instance: triggers the rule when the agent created (instanced) by the factory indicated below runs the first synchronization.
  • Entity: triggers the rule when the system automatically creates a new intelligence entity in the indicated operation.
  • Link: triggers the rule when the system automatically creates a link between intelligence entities in an operation or with the indicated entity.

Path

Operation, target, entity, agent and factory to be monitored. This defines the scope in which the rule is applied.

For example, for an Evidence event, if an operation is selected, all of that operation's evidence is monitored. If an agent is selected, that agent's evidence is monitored.

Evidence

(only Evidence type events) Type of evidence that generates alerts.

Tip: '*' indicates all types of evidence.

For a description of all types, see "List of types of evidence".

Key

(only Evidence type events) Keyword that the evidence must contain to trigger the alert.

For example, keyword "password" creates an alert when the evidence (audio, document) contains the word "password".

Relevance

(only Evidence or Link type events) Automatically tags evidence or the link with different levels of relevance to facilitate analysis:

Icon Description

Maximum relevance.

Intermediate relevance.

Normal relevance.

Minimum relevance.

-

No relevance.

Type

Type of alert to be received when evidence arrives:

  • Log: alert logged and notified on the RCS Console.
  • Mail: e-mail sent and alert logged.
  • None: no alert logged and no e-mail sent. Useful to automatically tag evidence or links by relevance (Relevance).

Suppression type

(only Mail type alerts) Latency time for sending identical alert e-mails. Used to avoid receiving identical e-mails after the first. For example, if the target has not communicated its evidence for a while and an e-mail alert was selected, you may be bombarded with e-mails when the first evidence arrives. When Suppression time is set to 30 minutes, an e-mail will be received every 30 minutes.

NOTE: this setting only limits e-mail delivery. Events are always logged.

Log data

Alert logs are described below:

Data Description

Date

Alert date and time.

Path

Range of action from which the alert was generated.

For example, if a target was selected in the rule Path, the name of the target and the name of the operation it belongs to will appear here.

Info

Quantity and type of events that generated the alert.

RCS9.3 | User's and Installation Guide | © COPYRIGHT 2013