When an alarm is triggered, you can view the following information in the Alarm monitoring and the Monitoring task.
- ID
- Alarm instance number. Uniquely identifies each alarm instance.
- Alarm
- Alarm entity name.
- Priority
- Alarm priority.
- Alarm color
- Color of the alarm.
- Source
- Source entity that triggered the alarm. It is the event source if the alarm is triggered by an event-to-action, or the user if the event is triggered manually. The source is not shown if you do not have permission to access the source entity.
- Source time
-
Time of the alarm-triggering event.
Source time and Triggering
time are the same unless the event occurred while the entity was
offline.
NOTE: If Display time based on each device's time zone in Security Desk is selected, the Source time reflects the device's time not the time of the server.
- Triggering event
- Event that triggered the alarm (if triggered through an event-to-action). Manual action is indicated when the alarm was manually triggered by a user.
- State
- The current state of the alarm.
- Active
- The alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane.
- Acknowledged (Default)
- The alarm was acknowledged using the default mode.
- Acknowledged (Alternate)
- The alarm was acknowledged using the alternate mode.
- Acknowledged (Forcibly)
- The alarm was forcibly acknowledged by an administrator.
- Under investigation
- The alarm that is under investigation, meaning that someone has seen it but not necessarily able to take care of it.
- Acknowledgment required
- The alarm with an acknowledgment condition that was cleared and that is ready to be acknowledged.
- Context
- Alarm annotation.
- Acknowledged by
- User who acknowledged the alarm. When the alarm is acknowledge automatically by the system, Service is indicated.
- Acknowledged on
- Time the alarm was acknowledged.
- Acknowledgement source
- User who acknowledged the alarm when the alarm is on a federated system. The user
can be on either the host system or the remote (federated) system.
- Alarm is acknowledged on the same system on which the Alarm report is run (host or remote): User who acknowledged the alarm is displayed.
- Alarm is acknowledged on the host system and the Alarm report is run on the remote system: Remote user associated with the Security Center Federation™ role is displayed along with the host user who acknowledged the alarm.
- Alarm is acknowledged on the remote system and the Alarm report is run on the host system: Security Center Federation role is displayed along with the remote user who acknowledged the alarm.
- Investigated by
- The user who put the alarm into the Under investigation state.
- Investigated on
- The timestamp when the alarm was put into the Investigation state.
- Occurrence period
- Period when the event occurred.
- Source entity type
- The source entity type that triggered the alarm, when the alarm is triggered by an event-to-action. It shows User when the alarm is triggered manually.
- Trigger time
- Time the alarm was triggered in Security Center.
- Custom fields
- Predefined custom fields for the entity. The columns only appear if custom fields are defined for the entity and were made visible to you when they were created or last configured.