Investigating current and past alarms - Security Center 5.9

Security Center User Guide 5.9

series
Security Center 5.9
revised_modified
2020-08-19

You can search for and investigate current and past alarms, using the Alarm report task.

What you should know

In Security Desk, you can investigate all of the alarms that were triggered during the last week or since your last shift. You can also investigate major events that happened in your system (by only selecting critical alarms), who acknowledged a specific alarm, and why. You can also review the video associated to an alarm, which can then be exported and sent to law enforcement as evidence.

Procedure

  1. From the home page, open the Alarm report task.
  2. Set up the query filters for your report. Choose one or more of the following filters:
    Alarms
    Select the types of alarms you want to investigate. Alarms can be locally defined (), or imported from federated systems ().
    Acknowledged by
    Users who acknowledged the alarm.
    Acknowledged on
    Alarm acknowledgment time range.
    Acknowledgment type
    Select one of the following acknowledgment type options:
    Alternate
    Alarm was acknowledged by a user using the alternate mode.
    Default
    Alarm was acknowledged by a user, or auto-acknowledged by the system.
    Forcibly
    An administrator forced the alarm to be acknowledged.
    Alarm priority
    Alarm priority.
    NOTE: All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.
    Context
    Restrict the search to alarms with a specific text in the annotation. The search is case insensitive.
    Investigated by
    Which user put the alarm into the under investigation state.
    Investigated on
    Specify a time range when the alarm was put into the under investigation state.
    Source
    Source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.
    State
    Current state of the alarm.
    Active
    Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane.
    Acknowledged
    Alarm was acknowledged by a user, or auto-acknowledged by the system.
    Under investigation
    Alarm that is under investigation.
    Acknowledgement required
    Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
    Triggered on
    Alarm trigger time range.
    Triggering event
    Events used to trigger the alarm.
    Custom fields
    Restrict the search to a predefined custom field for the entity. This filter only appears if custom fields are defined for the entity, and if the custom field was made visible to you when it was created or last configured.
  3. Click Generate report.
    The alarms are listed in the report pane.
  4. To show the corresponding video of an alarm in a tile, double-click or drag the item from the report pane to the canvas.
  5. To control the alarms, use the alarm widget.

Example

Watch this video to learn more. Click the Captions icon (CC) to turn on video captions in one of the available languages. If using Internet Explorer, the video might not display. To fix this, open the Compatibility View Settings and clear Display intranet sites in Compatibility View.