Device Alert
The device alerts list tab is accessible under Assets -> Alerts.
The device alerts list contains records of alerts on devices in the system.
Each alert contains:
- Basic information about the device, such as Name, IP, MAC, Criticality, Type and Sub-type.
- Alerting information, such as Alert Started, Alert Ended, Alert Criticality, Message, Reason and Alert Status.
- Detailed device information, such as Operating System, Manufacturer, Country of Origin (COO), Site and the Purdue model the device belongs to.
- The status of the device in the system, such as Onboarded Time, Current Status, Asset ID and the Agent that detected the device.
Note: you can sort a field in ascending or descending order by clicking on its name.
A new alert will appear on the list when:
- Anomaly Detection is turned on in Neuralyzer and an unknown device (not in the whitelist) connects or is plugged in to the system.
Note: You can add a device to the whitelist either by resolving its alert with the option “Anticipated” while Anomaly Detection is turned on, or by switching to Discovery mode and letting Neuralyzer discover the device automatically.
- A device is active but does not communicate for a certain period of time.
Note: You can set a time threshold for the device not to communicate in
- A device is active and communicates with other devices on disallowed port(s).
Note: You can specify the ports that all devices can communicate on in Device type Setting. You can also set this for a specific device in Device policies.
- A device is active and communicates with other devices using disallowed protocol(s).
Note: You can specify the protocols that all devices of that type can communicate with in Device type Setting. You can also set this for a specific device in Device policies.
- A device is inactive for a certain period of time.
Note: You can set a threshold for how long a device can be inactive before alerting. You can also set this for a specific device in Device policies.
- A device violates a block list policy.
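The alert conditions listed above, written out as a rule evaluator (an added illustration, not Neuralyzer's own code). The record fields, the precedence of a device policy over the type setting and the sample values are assumptions; the block list condition is left out because the page does not describe it.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:                      # hypothetical model of a type setting or device policy
    allowed_ports: set
    allowed_protocols: set
    max_silent_s: int              # longest an active device may go without communicating
    max_inactive_s: int            # longest a device may stay inactive

@dataclass
class Device:                      # hypothetical record; field names are not the product's
    mac: str
    dev_type: str
    active: bool
    last_comm: int                 # time of last observed communication (seconds)
    last_active: int               # time the device was last seen active (seconds)
    flows: list = field(default_factory=list)   # observed (port, protocol) pairs

def evaluate(dev, now, whitelist, type_settings, device_policies):
    if dev.mac not in whitelist:   # evaluated with Anomaly Detection turned on
        return ["unknown device"]  # assumption: no policy applies before whitelisting
    # Assumption: a per-device policy overrides the setting for the device's type.
    pol = device_policies.get(dev.mac, type_settings[dev.dev_type])
    reasons = []
    if not dev.active:
        if now - dev.last_active > pol.max_inactive_s:
            reasons.append("inactive")
        return reasons
    if now - dev.last_comm > pol.max_silent_s:
        reasons.append("no communication")
    for label, idx, allowed in (("port", 0, pol.allowed_ports),
                                ("protocol", 1, pol.allowed_protocols)):
        bad = sorted({f[idx] for f in dev.flows} - allowed)
        if bad:
            reasons.append(f"disallowed {label}(s): {bad}")
    return reasons

# Constructed sample data (not taken from a real deployment).
TYPE_SETTINGS = {"PLC": Policy({502}, {"modbus"}, 300, 3600)}
DEVICE_POLICIES = {"A1:B2:C3:D4:E5:F6": Policy({502, 44818}, {"modbus", "enip"}, 300, 3600)}
WHITELIST = {"A1:B2:C3:D4:E5:F6", "A1:B2:C3:D4:E5:F7", "A1:B2:C3:D4:E5:F8"}
DEVICES = [
    Device("A1:B2:C3:D4:E5:F6", "PLC", True, 990, 1000, [(44818, "enip")]),
    Device("A1:B2:C3:D4:E5:F7", "PLC", True, 990, 1000, [(502, "modbus"), (23, "telnet")]),
    Device("A1:B2:C3:D4:E5:F8", "PLC", True, 100, 1000, []),
    Device("00:11:22:33:44:55", "PLC", True, 990, 1000, [(502, "modbus")]),
]

def run(now=1000):
    return {d.mac: evaluate(d, now, WHITELIST, TYPE_SETTINGS, DEVICE_POLICIES) for d in DEVICES}
```

The first device raises no alert only because its device policy widens the type setting; under the type setting alone, port 44818 and its protocol would be reported as disallowed.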
If the “On-screen alert” option in Alert settings is turned off, an “Acknowledge” button appears in the Acknowledgment column of each alert record to indicate that the alert has not been acknowledged yet. Select the button to acknowledge the alert.
When the alert has been acknowledged, the resolve button will appear and you can completely resolve that alert.
Filter
We support searching and filtering on the device alerts list:
- You can enter values for one or more fields, and the result list and the total number of records will be updated according to the value(s) you entered.
Index | Field | Data type | Type of input | Support multi-input | Note |
---|---|---|---|---|---|
1 | Name | Text | Input text | No | |
2 | IP | Number | Input number in IP address format (e.g. 192.168.1.102) or IP netmask format (e.g. 192.168.1.0/24) | No | |
3 | Alert Criticality | Text | Select from drop-down list | No | |
4 | MAC | Text & Number | Input number and text in MAC address format (e.g. A1:B2:C3:D4:E5:F6) | No | |
5 | Type | Text | Select from drop-down list | Yes | |
6 | Sub-type | Text | Select from drop-down list | No | |
7 | Alert Started | Date | Select from pop-up calendar and clock | No | |
8 | Alert Ended | Date | Select from pop-up calendar and clock | No | |
9 | Device Criticality | Text | Select from drop-down list | No | |
10 | Message | Text | Input text | No | |
11 | Reason | Text | Input text | No | |
12 | Alert Status | Text | Select from drop-down list | No | |
13 | OS | Text | Select from drop-down list | No | |
14 | Brand | Text | Select from drop-down list | No | |
15 | Country of origin | Text | Select from drop-down list | No | |
16 | Purdue models | Number | Select from drop-down list | Yes | |
17 | Status | Text | Select from drop-down list | No | |
18 | Site | Text | Select from drop-down list | No | |
19 | Onboarded from | Date time | Select from pop-up calendar and clock | No | |
20 | Onboarded to | Date time | Select from pop-up calendar and clock | No | |
21 | Asset ID | Number | Input number | No | |
22 | Agent | Text | Select from drop-down list | No | |
- You can change the order in which fields are displayed on the list by clicking "..." -> "Filter preference", then dragging and dropping the fields into the desired order.
- You can show or hide fields in the list by clicking "..." -> "Filter preference" and ticking or unticking the box to the left of the field name. If you choose more than 10 fields to be displayed on the list, a horizontal scroll bar will appear; scroll it to the right to see more fields.
- You can save a custom filter so that you can reuse it in the future. Enter values into the fields to filter, then select "..." -> "Create filter" and give your filter a name. Every time you come back, click "..." -> your saved filter to apply it.
- You can update a saved custom filter by editing or adding values in the fields and selecting "..." -> "Save filter".
- You can delete a saved custom filter by selecting "..." -> the "X" button on the saved filter.
Note: When you select a type first and then select a Purdue model, if the selected type is not included in the selected Purdue model, the type is discarded and you need to choose another type.
Note: When you select a sub-type first and then select a type, if the selected sub-type is not included in the selected type, the sub-type is discarded and you need to choose another sub-type.