Managing Received Notifications
If the Notifications button in the ArcSight Console toolbar indicates that new notifications have arrived (
) you click that button to open the Notifications tab in the Viewer panel. This is your central notification repository if you belong to the destination group configured to receive notifications on the Console (the notification group’s Destination Type is set to Console).
You can open the Notifications manager at any time by clicking the toolbar button, even if no new notifications are present.
To use the Notifications manager you first choose a category tab for the type of notification received.
|
Notification Category |
Use |
|---|---|
|
Pending |
These are notifications that you have not yet handled (reassigned to one of the following categories). Pending notifications older than 24 hours are automatically refiled as Not Acknowledged. |
|
Undeliverable
|
These are notifications that were not delivered. |
|
Acknowledged |
These are notifications to which you have replied. |
|
Not Acknowledged |
Pending notifications that go unacknowledged or unresolved for more than 24 hours are automatically refiled as Not Acknowledged. |
|
Resolved |
These are notifications for which you or a colleague have found a resolution and so have marked the notification accordingly. |
|
Informational |
These are notifications that are provided for information purposes only and do not require resolution or intervention. The Informational tab includes a Delete button. If you no longer need an informational notification, select it and click Delete. |
Note: If you do not see notifications appearing, make sure your ESM user identity (not just your e-mail address) is set as a destination in the Notifications Editor.
In a category, click Acknowledge to mark a selected notification as acknowledged. Click View Event to see the event that triggered a notification. Click Resolve to reclassify the notification as Resolved.
For each category of notification there is a common set of columns of information concerning them.
|
Notification Column |
Definition |
|---|---|
|
Priority |
This is the same priority set by the SmartConnector and modified by the current threat level formula (and seen in grid views), unless modified by the rule that triggered the notification. |
|
Triggering Event |
The event that caused the rule to trigger the notification. |
|
Notification Group |
The branch of the Notifications resource tree to which this destination belongs. |
|
Escalation Level |
The Escalation Level (and implied destinations) the notification has reached while waiting for resolution. |
|
Create Time |
The time at which the notification was created |
Note: Also note that you can set a severity threshold for notification pop-ups and sounds in ArcSight Console Preferences.