Alarm Cards

Each alarm has an associated record that provides status and details. The default view on the Alarms page displays the Alarm details in a card, which includes the following information and options:

• Alarm status. New, Closed, or Open.
• Comment icon. If the alarm contains comments, the blue comment icon appears with a number next to it indicating the number of comments for the alarm. Click the icon to open the Inspector panel to add a comment.

• Alarm Added to Case icon. If the alarm has been added to a case, a blue case icon appears with a number indicating the number of alarms in which the case was added. Click the icon to add the alarm to the case selected in the Cases panel.

• Drilldown icon. Click this icon to launch a search task so you can analyze information associated with the alarm.

• Check box. Select this box to perform batch actions on alarms.

• Add to Case icon. Click this gray icon for the option to create a new case based on the alarm or add the alarm to the case currently selected in the Current Case panel.

• Risk number. A number from 1 to 100, with 1 representing the absolute minimal risk and 100 representing the highest risk. Color designations are as follows:

  • Red: More than 90

  • Orange: 50 to 90, with darker gradients of orange as the number gets closer to 90

  • Gray: Less than 50 
    LogRhythm assigns the risk number (or Risk Based Priority) using a complex equation that takes many factors into account. For a detailed description, see the Risk Based Priority Calculator.

• Alarm name. Click the name to view more details.

• Details. Shows the site affected by the alarm, along with the date and time the alarm was triggered.

• SmartResponse status. Shows whether SmartResponse is on and if any actions have taken place. For more details, see SmartResponse Actions and Approve or Deny SmartResponse Actions.