Alerting

To receive alerts from the target:
  • Alerting section
Purpose

This function lets you:

 

What the function looks like

This is what the page looks like:

Area Description

1 RCS menu.
  : indicates the number of alerts received. The counter is automatically reset after two weeks or when notifications are deleted.

2 Alert rule toolbar. Descriptions are provided below:

  Icon Description
  Create a new alert rule.
  NOTE: the function is only enabled if the user has Alert creation authorization.
  Edit the selected alert rule.
  Delete the selected alert rule.
  CAUTION: all generated notifications are deleted.

3 Alert log toolbar. Descriptions are provided below:

  Icon Description
  Delete the selected alert log.
  Delete all alert logs.

4 RCS menu.

 

To learn more

For interface element descriptions see "Shared interface elements and actions".

For a description of the data in this window see "Target alert data (Alert)".

For more information on alerts see "What you should know about target alerts".

Adding a rule to be alerted

A rule must be set in order for you to be alerted:

Step Action

1 Click New alert: data entry fields appear.

2
  • Enter the required data, indicating the alert method in Type.
  • Select the Enabled check box to apply the rule.

3 Click Save: the new alert rule appears in the main work area. An alert is sent as soon as the system logs an event that matches the rule.

 

Editing an alert rule

To edit an alert rule:

Step Action

1 Select the alert rule to be edited.
  Click Edit: the data to be edited appears.

2
  • Edit data.
  • Select the Enabled check box to immediately apply the rule.

3 Click Save: the new alert rule appears in the main work area. An alert is sent as soon as the system logs an event that matches the rule.

 

Adding a rule to automatically tag certain evidence or certain intelligence links between entities

To automatically tag certain evidence or certain links without logging or sending alerts:

Step Action

1 Click New alert: data entry fields appear.

2
  • Set the criteria to select evidence or links.
  • In Type select None.
  • In Relevance set the relevance level.
  • Select the Enabled check box to apply the rule.

3 Click Save: the new alert rule appears in the main work area. As soon as the system receives evidence matching this rule, the evidence is tagged.

 

Viewing events matching the logged alert

To view evidence matching an alert:

Step Action

1 Select the alert rule with at least one log (Logs column): all logged alerts appear in the list.

2 Double-click on the row in the logged alert list.
  Result: the system directly opens:
  • the list of evidence that generated the alert (Evidence event).
  • entity details (Entity event).
  • link view (Link event).