The Alarm grid is an alternate view to the Alarm card view. You can switch from the Alarm card view to the Alarm grid view by clicking Grid on the upper-right of the screen, near the status indicator.

The Alarm grid contains the following columns:

  • Actions. Contains the following:
    • Check box. Select up to 100 alarms to perform a batch action.
      • Comment icon. If the alarm contains comments, the blue comment icon appears with a number next to it indicating the number of comments for the alarm. You can also click the icon to open the Inspector panel to add a comment.
    • Alarm Added to Case icon. If the alarm has been added to a case, a blue case icon appears with a number indicating the number of alarms in which the case was added. You can also click the icon to add the alarm to the case selected in the Cases panel.
    • Drilldown icon. Begins a Search task to drill down into the data for the alarm.
  • Trigger Time. The date and time the alarm was triggered.
  • Alarm Rule Name. The name of the alarm rule that was triggered.
  • Risk. A number from 1 to 100, with 1 representing the absolute minimal risk and 100 representing the highest risk. LogRhythm assigns the risk number (or Risk Based Priority) using a complex equation that takes many factors into account. For a detailed description, see the Risk Based Priority Calculator.

  • Status. New, Closed, or Open.
  • Entity. The location where the alarm was triggered.
  • Last Updated. The last time an action was performed on the alarm.
  • ID. An internal number representing a unique alarm instance.
