On the main toolbar, click Deployment Manager.
On the Tools menu, click Monitor, and then click Alarm Viewer.
The Alarm Viewer Wizard appears.
- Select the Action check box for each alarm you want to change the status of.
- Right-click the grid to display the context menu, click Action, and then click Update Status.
The Alarm History dialog box appears.
- Select the appropriate alarm status radio button.
- New. When an alarm is first triggered, LogRhythm automatically assigns its status to New. An alarm can be changed back to a New state at any time. If an alarm is set back to a New state, the time stamps for when the alarm was set to Open and Closed are cleared. The date the alarm was generated is never cleared.
- Open. Changes the status of the alarm to open. This alerts anyone looking at the alarm that it has been viewed, but no action was taken.
- Working. Indicates that someone is currently working on the alarm occurrence.
- Escalated. Indicates that the alarm status has been upgraded for additional analysis and investigation.
- Closed. Indicates that all investigations into an occurrence are completed. When you close one or more alarms, the Resolution list allows you to select from the following reasons:
- False Alarm. Event did not require investigation or further action.
- Monitor. Cause needs to be reviewed in an ongoing manner to determine next steps or resolution.
- Reported. Issue was reported to the appropriate personnel.
- Resolved. Issue pertained to an incident and was resolved.
- Unresolved. Might be an incident and was not resolved. Further action may be necessary.
- (Optional). Add comments to explain the change in the alarm's history.
- To save the changes, click OK.
The Alarm History dialog box closes and the Alarm Status updates.