-
On the main toolbar, click Deployment Manager.
-
On the Tools menu, click Monitor, and then click Alarm Viewer.
-
Select the alarm you want in the Alarm List.
-
Right-click the selected alarm, and then click Alarm Record.
The Alarm History dialog box appears. -
To set alarm status, select one of the following radio buttons:
-
New. When an alarm is first triggered, LogRhythm automatically assigns its status to New. An alarm can be changed back to a New state at any time. If an alarm is set back to a New state, the time stamps for when the alarm was set to Open and Closed are cleared. The date the alarm was generated is never cleared.
-
Open. Changes the status of the alarm to open. This alerts anyone looking at the alarm that it has been viewed, but no action was taken.
-
Working. Indicates that someone is currently working on the alarm occurrence.
-
Escalated. Indicates that the alarm status has been upgraded for additional analysis and investigation.
-
Closed. Indicates that all investigations into an occurrence are completed. When you close one or more alarms, the Resolution list allows you to select from the following reasons:
-
False Alarm. Event did not require investigation or further action.
-
Monitor. Cause needs to be reviewed in an ongoing manner to determine next steps or resolution.
-
Reported. Issue was reported to the appropriate personnel.
-
Resolved. Issue pertained to an incident and was resolved.
-
Unresolved. Might be an incident and was not resolved. Further action may be necessary.
-
-
-
(Optional). Add any appropriate comments to explain the change in the alarm's history.
-
To update the alarm, click Save, or click Save and Close to update the alarm and return to the alarm list.
If the Close button is clicked at the lower-right corner of the window before the alarm is saved, the alarm status is not changed.