Alerts in Deep Security

Alerts are created when something requires your attention (such as an administrator-issued command failing, or a hard disk running out of space).

Deep Security includes a pre-defined set of alerts. Additionally, when you create protection module rules, you can configure them to generate alerts if they are triggered.

The Alerts page in Deep Security displays all alerts that have been triggered, but not yet responded to. You can display alerts in a summary view that groups similar alerts together, or in list view, which lists all alerts individually. To switch between the two views, use the menu next to "Alerts" in the page's title.

In summary view, expanding an Alert panel (by clicking Show Details) displays all the computers (and/or users) that have generated that particular alert. (Clicking a computer displays that computer's Details window.) If an alert applies to more than five computers, an ellipsis ("...") appears after the fifth computer. Clicking the ellipsis displays the full list. Once you have taken the appropriate action to deal with an alert, you can dismiss it by selecting the check box next to the target of the alert and clicking Dismiss. (In list view, right-click the alert to see the list of options in the context menu.)

Alerts that can't be dismissed (like "Relay Update Service Not Available") will be dismissed automatically when the condition no longer exists.

If an alert condition occurs more than once on the same computer, the alert shows the timestamp of the first occurrence of the condition. If the alert is dismissed and the condition reoccurs, the timestamp of the first reoccurrence is displayed.

Use the Computers filtering bar to view only alerts for computers in a particular computer group, with a particular policy, etc.

Like event logs, alerts will be automatically deleted when they reach the maximum age in the storage settings, which varies by platform (DSaaS vs. others).