Border Gateway Protocol (BGP) is not merely a protocol—it’s the backbone of the...
2.5 Alerts
NFA lets you set up a robust and customizable alert system that can proactively notify you when important conditions are detected in your network traffic data. You can configure alerts based on different characteristics and parameters of your network traffic: volume changes, frequency, specific traffic type existence, duration, baseline or a complex combination of such characteristics.
2.5.1 Creating Alerts #
1. Go to Alerts > My Alerts and click the “Create New Alert” button.
2. Enter a meaningful Name and Description for the Alert. Select an appropriate Priority Level: Low, High or Critical.
3. Specify Alert Trigger Conditions by adding a single or multiple trigger Rules
When setting up numerous Rules with complex logic, checkmark and fill out the corresponding “Use Complex Logic” field. Hit Apply.
4. When relevant, checkmark and indicate the time interval during which the condition should exist for an Alert Notification to be sent. Alternatively, checkmark and specify the number of times an alert condition should change its state to “True” (e.g. Abnormal traffic behavior detection scenario) within a specific time interval for the Alert Notification to be sent. Proceed to Next Step.
5. On the Alert Details page, select if you’d like the alert to be activated immediately or at a later date/time. Indicate the time interval between notifications, alert reset conditions and snooze options to reduce alert fatigue.
6. Indicate email(s) or Slack channel you’d like the Alert Notifications to be sent to and proceed to the Next Step.
The notification channels must be properly set up from the Management > System Notifications > Notification Channels section for users to receive alert notifications.
7. Review your Alert details, Notification Channels and Save Alert.
2.5.2 My Alerts #
My Alerts section contains a list of Alerts that have been created by your NFA users. Depending on the user access level you can edit, duplicate, delete alerts or turn them on/off.
2.5.3 Active Alerts #
Active Alerts section allows you to view the triggered alert details, triggered alert date/time and allows you to reset (acknowledge) alerts.
When you reset (acknowledge) an alert you are taking ownership of it. This means you are aware of the conditions which triggered an alert and are taking action to solve the issue.
Follow your company’s guidelines on further actions once you acknowledge/reset a triggered alert. Acknowledged/Reset triggered alerts will be flagged with your user name and moved to the History of Alerts section.All triggered alerts in NFA show up with UTC timestamps. This is specifically useful for teams using NFA from multiple geographical time zones.
2.5.4 History of Alerts #
All triggered alerts are saved in the History of Alerts section. Use the available options to search and sort the alert incidents.
