On the main toolbar, click Deployment Manager.
On the Tools menu, click Monitor, and then click Alarm Viewer.
Select the alarm you want in the Alarm List.
Right-click the selected alarm, and then click Alarm Record.
The Alarm History dialog box appears.
To set alarm status, select one of the following radio buttons:
New. When an alarm is first triggered, LogRhythm automatically assigns its status to New. An alarm can be changed back to a New state at any time. If an alarm is set back to a New state, the time stamps for when the alarm was set to Open and Closed are cleared. The date the alarm was generated is never cleared.
Open. Changes the status of the alarm to open. This alerts anyone looking at the alarm that it has been viewed, but no action was taken.
Working. Indicates that someone is currently working on the alarm occurrence.
Escalated. Indicates that the alarm status has been upgraded for additional analysis and investigation.
Closed. Indicates that all investigations into an occurrence are completed. When you close one or more alarms, the Resolution list allows you to select from the following reasons:
False Alarm. Event did not require investigation or further action.
Monitor. Cause needs to be reviewed in an ongoing manner to determine next steps or resolution.
Reported. Issue was reported to the appropriate personnel.
Resolved. Issue pertained to an incident and was resolved.
Unresolved. Might be an incident and was not resolved. Further action may be necessary.
(Optional). Add any appropriate comments to explain the change in the alarm's history.
To update the alarm, click Save, or click Save and Close to update the alarm and return to the alarm list.
If the Close button is clicked at the lower-right corner of the window before the alarm is saved, the alarm status is not changed.