SIEM Alarms Tab
The Alarms tab shows all the SIEM alarms. You can use the Time period dropdown list to filter the Past 1 Hour alarms by Last 30 days, Previous month, Last 7 days, Last 24 hours, or Last hour. You can also search the alarms by entering at least three characters of the Alarm Details data, download a specific alarm, and filter alarms by Severity, Alarm details by intent, and Alarm labels.
The Alarms tab contains a table with the following columns:
- Severity—a categorization of the risk and urgency of an alarm (High, Medium, or Low).
- Status—the current status of the service.
- Alarms Details—information about an attack intent, strategy, and method.
- Sources—the host name or IP address of the source of the event that created the alarm.
- Destinations—the host name or IP address of the destination that received the events generating the alarm.
- Time Created—shows the time when an alarm was created.
- Labels—False Alarm, Client Contacted, Normal Activity, Denied Connection, Created Suppression Rule, Duplicate, Threat Remediated.
- Actions—shows the available actions you can perform on the Alarms tab, such as:
  - View Details—view the details of the alarm and read the communication thread.
  - Ask a question—ask a question about the alarm.
  - Download—select the checkbox near the alarm to download the alarm with details.