Notifications
Types of Notifications
On the left side of the Notifications page there are four primary attributes of a notification: category, sub-category, source, and severity. These four attributes are the default facet search elements.
Base Notification Format
All notifications also have the base attributes time, message, and contact. The time appears to the right of the icon, along with the category. Next appear the sub-category and the message. At the bottom of the notification is whether contact was made; by default the contact type is email, and a checkbox appears if the notification caused an email to be sent.
At the bottom of the base format, to the left of the notification type, there is a code marker (<> or </>). You will see these throughout the interface. Clicking a code icon displays the JSON document from which the interface output is produced. This is extremely useful for understanding what is recorded, what can be searched, and how to search for it.
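As an added example (not Fluency's own code, and not its real JSON schema), the script below loads a few constructed notification records, with field names assumed from the attributes listed above, and builds the same per-attribute counts the left-hand facet search shows, filters on them, and lists the notifications that caused an email to be sent:

```python
import json
from collections import Counter
from typing import Dict, List

# Constructed sample export. Field names are assumptions based on the
# attributes this page lists (category, sub-category, source, severity,
# time, message, contact); they are not Fluency's real schema.
SAMPLE_NOTIFICATIONS = json.dumps([
    {"time": "2023-08-01T17:05:12-04:00", "category": "User Activity",
     "subCategory": "Login", "source": "web", "severity": "info",
     "message": "user admin logged in from 203.0.113.10 (US)", "contact": {"email": True}},
    {"time": "2023-08-01T17:06:40-04:00", "category": "Status",
     "subCategory": "Queue", "source": "ingest", "severity": "warning",
     "message": "incoming alert rate exceeded capacity", "contact": {"email": True}},
    {"time": "2023-08-01T17:07:02-04:00", "category": "Status",
     "subCategory": "Queue", "source": "ingest", "severity": "info",
     "message": "queue still high but acceptable", "contact": {"email": False}},
    {"time": "2023-08-01T17:09:30-04:00", "category": "Cloud",
     "subCategory": "Sensor Update", "source": "cloud", "severity": "info",
     "message": "rule file updated", "contact": {"email": False}},
])

# The four attributes the page describes as the default facet search elements.
FACETS = ("category", "subCategory", "source", "severity")

def load_notifications(raw: str) -> List[dict]:
    """Parse the JSON export and reject records that lack a facet attribute."""
    records = json.loads(raw)
    for r in records:
        missing = [f for f in FACETS if f not in r]
        if missing:
            raise ValueError(f"record missing facet field(s): {missing}")
    return records

def facet_counts(records: List[dict]) -> Dict[str, Counter]:
    """Count the values seen per facet, as the left-hand facet search does."""
    return {f: Counter(r[f] for r in records) for f in FACETS}

def filter_by(records: List[dict], **criteria) -> List[dict]:
    """Keep records whose facet values match every keyword criterion given."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]

def emailed(records: List[dict]) -> List[str]:
    """Messages of the notifications that caused an email to be sent."""
    return [r["message"] for r in records if r.get("contact", {}).get("email")]

if __name__ == "__main__":
    recs = load_notifications(SAMPLE_NOTIFICATIONS)
    for facet, counts in facet_counts(recs).items():
        print(facet, dict(counts))
    print("emailed:", emailed(recs))
```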
The common notification categories are:
- User Activity
- Cloud
- Collector
- Behavior Summary
- Status
Understanding the types of notifications, why they appear, and what they mean will enhance your use of Fluency.
Notification Categories
User Activity
User Activity notifications list user login data. This information is also available on the User Admin->Audit page. Login data includes the source network address and country. The “Base Notification Format” section includes an image of a login record being expanded.
Cloud
Cloud notifications record actions taken autonomously by the cloud management system to maintain Fluency. Common cloud actions are database management and sensor updates, such as rule file updates.
Collector
Collector notifications are useful for security operations as a whole; they cover rule updates, actions, and changes.
Behavior Summary
Behavior Summary notifications come primarily from the RiskScore processes.
The “RiskScore Record” button navigates to the EventWatch->Behavior Summary page. The code button produces the full JSON record of the alert, but the RiskScore page is easier to use when reviewing the data.
NOTE: If you plan to return to this page and want to keep your place, use the “Pin This Page” switch at the top right of the page (see the first image). This keeps the page static and opens new pages for any interaction that would otherwise have navigated you away from it.
Status
Status notifications are alerts sent from the system to Fluency support to address the health and operation of the system. In the above example, the number of incoming alerts briefly exceeded the capacity of the system. The system then updated the alert to notify administration that the queue was still high, but acceptable.
These notifications help Fluency administration ensure the system has the resources it needs to maintain high availability.
Page last updated: 2023 Aug 01 17:23:14 EDT