Investigating current and past alarms - Security Center 5.6

Security Center User Guide 5.6

Series: Security Center 5.6
Revised/modified: 2019-10-09

You can search for and investigate current and past alarms, using the Alarm report task.

What you should know

For example, you might want to see which alarms were triggered during the last week, or since your last shift. You could search for major events that happened in your system by selecting only critical alarms. You can see who acknowledged a specific alarm, and why. If a critical alarm occurred and you must re-examine it, you can search for the alarm, and then review the attached video. If needed, you can also export the alarm video, and send it to law enforcement as evidence.

Procedure

  1. From the home page, open the Alarm report task.
  2. Set up the query filters for your report. Choose one or more of the following filters:
    Acknowledged by
      Users who acknowledged the alarm.
    Acknowledged on
      Alarm acknowledgement time range.
    Acknowledgement type
      Select one of the following acknowledgement type options:
        Alternate
          Alarm was acknowledged by a user using the alternate mode.
        Default
          Alarm was acknowledged by a user, or auto-acknowledged by the system.
        Forcibly
          An administrator forced the alarm to be acknowledged.
    Alarm priority
      Alarm priority.
      NOTE: All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.
    Alarms
      Select the types of alarms you want to investigate. Alarms can be locally defined, or imported from federated systems.
    Custom fields
      Restrict the search to a pre-defined custom field for the entity. This filter only appears if custom fields are defined for the entity, and if the custom field was made visible to you when it was created or last configured.
    Investigated by
      Which user put the alarm into the under investigation state.
    Investigated on
      Specify a time range when the alarm was put into the under investigation state.
    Source
      Source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.
    State
      Current state of the alarm.
        Active
          Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane.
        Acknowledged
          Alarm was acknowledged by a user, or auto-acknowledged by the system.
        Under investigation
          Alarm with an acknowledgement condition that is still active was put under investigation.
        Acknowledgement required
          Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
    Triggered on
      Alarm trigger time range.
    Triggering event
      Events used to trigger the alarm.
  3. Click Generate report.
    The alarms are listed in the report pane.
  4. To show the corresponding video of an alarm in a tile, double-click or drag the item from the report pane to the canvas.
  5. To control the alarms, use the alarm widget.