Group Alerts

You can group alerts so you can apply filters, status, etc. to multiple alerts at a time.

  1. Click one of the groups listed by Group By.
    The Alerts table view changes to a tree view listing the values of the groups.
    In the following example, the group is source.type and the values are Yaf, Snort and Bro.
    The Alerts UI displays the total number of alerts in the group below the Alerts total. See Alerts in Groups (7560).
  2. Click one of the values to list the alerts for that value.
  3. You can click an alert to add it to the Searches field.
  4. All features that are available for the Alerts table are available for the tree view.
    For example, if you apply an action, such as Escalate, to an alert, it will apply to all alerts within the group. Similarly, if you search for a parameter, it will search all alerts within the group.
  5. You can continue to refine your alerts by applying additional groups.
    You can change the order in which the groups are applied to the alerts by clicking and dragging the groups on the Group By line.
  6. To ungroup your alerts and return to the Alerts window, click Ungroup, which is located on the far right of the list of groups.
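The behaviour the steps above describe (an ordered list of groups turned into a tree, a count on every group value, and an action such as Escalate reaching every alert inside a group) can be modelled in a few lines. The following is an added illustration, not the Alerts UI's own code; the alert records, the `ip_src_addr` field and the status values are constructed for the example, only `source.type` comes from the page.

```python
"""Model of the Alerts UI grouping described on this page (added example,
not the product's own code): alerts are bucketed by an ordered list of
fields into a tree, each node carries its alert count, and an action applied
to a group node reaches every alert under it."""
from collections import OrderedDict

# Constructed sample alerts. "source.type" is the field the page uses as its
# example; "ip_src_addr", the ids and the statuses are made up for illustration.
ALERTS = [
    {"id": "a1", "source.type": "snort", "ip_src_addr": "10.0.0.5", "status": "NEW"},
    {"id": "a2", "source.type": "snort", "ip_src_addr": "10.0.0.7", "status": "NEW"},
    {"id": "a3", "source.type": "yaf",   "ip_src_addr": "10.0.0.5", "status": "NEW"},
    {"id": "a4", "source.type": "bro",   "ip_src_addr": "10.0.0.9", "status": "NEW"},
    {"id": "a5", "source.type": "bro",   "ip_src_addr": "10.0.0.9", "status": "NEW"},
]


def group_alerts(alerts, group_by):
    """Build the tree view: one level per field in group_by, in that order.
    Inner nodes map a field value to a subtree; leaves are lists of alerts.
    Dragging a group to a different position in the UI corresponds to
    reordering group_by here."""
    if not group_by:
        return list(alerts)
    field, rest = group_by[0], group_by[1:]
    buckets = OrderedDict()
    for alert in alerts:
        buckets.setdefault(alert.get(field, "(missing)"), []).append(alert)
    return OrderedDict((value, group_alerts(members, rest))
                       for value, members in buckets.items())


def leaves(node):
    """Yield every alert under a node, whether it is a group or a leaf list."""
    if isinstance(node, list):
        yield from node
    else:
        for child in node.values():
            yield from leaves(child)


def count(node):
    """The per-group total the UI shows next to each value."""
    return sum(1 for _ in leaves(node))


def apply_status(node, status):
    """An action (e.g. Escalate) applied to a group applies to all alerts in it.
    Returns how many alerts were changed."""
    changed = 0
    for alert in leaves(node):
        alert["status"] = status
        changed += 1
    return changed


def render(node, indent=0):
    """Text rendering of the tree with counts, one line per node."""
    lines = []
    if isinstance(node, list):
        for alert in node:
            lines.append(" " * indent + f"- {alert['id']} [{alert['status']}]")
    else:
        for value, child in node.items():
            lines.append(" " * indent + f"{value} ({count(child)})")
            lines.extend(render(child, indent + 2))
    return lines


if __name__ == "__main__":
    tree = group_alerts(ALERTS, ["source.type", "ip_src_addr"])
    print("\n".join(render(tree)))
    # Escalating the whole "bro" group touches both alerts under it.
    apply_status(tree["bro"], "ESCALATE")
    print("\n".join(render(tree)))
```

Grouping first by `source.type` and then by `ip_src_addr` gives a two-level tree; passing the fields in the opposite order gives a tree whose top level is the address, which is what reordering the groups on the Group By line does in the UI.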