Each alarm has an associated record that provides status and details. The default view on the Alarms page displays the Alarm details in a card, which includes the following information and options:
- Alarm status. New, Closed, or Open.
- Comment icon. If the alarm contains comments, the blue comment icon appears with a number next to it indicating the number of comments for the alarm. Click the icon to open the Inspector panel to add a comment.
- Alarm Added to Case icon. If the alarm has been added to a case, a blue case icon appears with a number indicating the number of alarms in which the case was added. Click the icon to add the alarm to the case selected in the Cases panel.
- Drilldown icon. Click this icon to launch a search task so you can analyze information associated with the alarm.
- Check box. Select this box to perform batch actions on alarms.
- Add to Case icon. Click this gray icon for the option to create a new case based on the alarm or add the alarm to the case currently selected in the Current Case panel.
- Risk number. A number from 1 to 100, with 1 representing the absolute minimal risk and 100 representing the highest risk. Color designations are as follows:
  - Red: More than 90
  - Orange: 50 to 90, with darker gradients of orange as the number gets closer to 90
  - Gray: Less than 50

  LogRhythm assigns the risk number (or Risk Based Priority) using a complex equation that takes many factors into account. For a detailed description, see the Risk Based Priority Calculator.
- Alarm name. Click the name to view more details.
- Details. Shows the site affected by the alarm, along with the date and time the alarm was triggered.
- SmartResponse status. Shows whether SmartResponse is on and if any actions have taken place. For more details, see SmartResponse Actions and Approve or Deny SmartResponse Actions.