BookmarkSubscribeRSS Feed
agesser
Obsidian | Level 7

Hi all,

Currently alerts are disappearing at Alert triage grid after any disposition.

Is this configurable and we can config there that alerts will remain seen at this grid even after disposition is applied or some other type of configuration?

 

Thanks a lot,

Alex.

2 REPLIES 2
susantrueman
SAS Employee

Hi Alex, 

 

I recommend reviewing how the Alert Disposition options are configured. You can find these in the VI Administration application under Alerts -> Dispositions. 

For a given disposition you can configure one or more actions including:

  • Close (immediately or after a specified number of days)
  • Issue a REST call
  • Add to Object (i.e. create a case or other internal object)
  • Reactivate after score increase
  • Reactivate after a period of time
  • Move to another queue

If the disposition uses the "Close" option it will close the alert and remove it from the Alert triage grid (either immediately or after the specified number of days). Alternatively you could choose not to use the 'close' option in the disposition and, depending on the use case, you could choose to move the alert to a different queue when the disposition is applied - this would remove it from the list of alerts for the current queue but it would be visible in the alert list for the new queue. 

More details can be found in the product documentation: 

If the alert dispositions are not configured to either the "close" or "move" options and you are continuing to see alerts being removed from the list, please raise a ticket with SAS Technical Support who will be able to advise. 

 

Thanks

Susan

 

agesser
Obsidian | Level 7

thx, Susan

very useful

 

Alex