Alerts in Deep Security
Alerts are generated when Deep Security requires your attention (such as an administrator-issued command failing, or a hard disk running out of space).
Deep Security can generate various system and production alerts. When you create protection module rules, you can configure them to generate alerts if they are triggered.
The Alerts page in Deep Security displays all alerts that have been triggered, but not yet responded to. You can display alerts in a summary view that groups similar alerts together, or in list view, which lists all alerts individually. To switch between the two views, use the menu next to "Alerts" in the page's title.
In summary view, expanding an Alert panel (by clicking Show Details) displays all the computers (or users) that have generated that particular alert. (Clicking the computer will display the computer's Details window.) If an alert applies to more than five computers, an ellipsis ("...") appears after the fifth computer. Clicking the ellipsis displays the full list. Once you have taken the appropriate action to deal with an alert, you can dismiss the alert by selecting the check box next to the target of the alert and clicking Dismiss. (In list view, right-click the alert to see the list of options in the context menu.)
Alerts that can't be dismissed (like "Relay Update Service Not Available") will be dismissed automatically when the condition no longer exists.
In cases where an alert condition occurs more than once on the same computer, the alert will show the timestamp of the first occurrence of the condition. If the alert is dismissed and the condition reoccurs, the timestamp of the first re-occurrence will be displayed.
Unlike security events and system events, alerts are not purged from the database after a period of time. Alerts remain until they are dismissed, either manually or automatically.