View Alerts
Xcitium's CNAPP solution provides comprehensive visibility of cloud assets through dashboards and alerts. It can forward the container alerts raised in your workloads: the Feeder service agent can pass alerts to SIEM tools such as Splunk, ELK and Rsyslog, and alerts can also be forwarded from Xcitium to these SIEM tools using the channel integration option.
The Alerts summary in Xcitium displays a complete list of the alert events that have occurred within the infrastructure during a defined time range.
It provides an interface to:
- Find and get insights into security events in your infrastructure
- Filter the alerts to home in on the events that require further inspection
- Inspect any specific event using the alert detail panel
- Send customized alerts to third-party SIEM (security information and event management) platforms and logging tools, such as Slack, Splunk, Elasticsearch, CloudWatch and Jira, with the help of a trigger
Alerts are generated in real time based on the conditions/rules you configure in the security policies.
Cluster - The Cluster drop-down filters alerts related to specific clusters.
Namespace - The Namespace drop-down filters alerts related to specific namespaces.
Severity - Use the appropriate options to filter alert events by Critical, High, Medium, Low and Info severity, corresponding to the levels defined in the relevant runtime policies.
Time Ranges - As in the rest of the platform interface, the time range can be set by date range or in increments from 5 minutes to 60 days.
Filter using elements from the alert events list - Click one or more elements in an alert event to add them directly to the filter.
Click the Save button to save the selected filter to Saved Filters.
When the user fills in the details and clicks Create, the filter is saved.
Directly search elements in the filter - You can search directly by the elements visible in the alerts, such as "Cluster_name", "Flow_IP_destination", etc.
Use Search Filters - Search filters are categorized into three groups:
- Predefined filters: a set of predefined filters that makes alert filtering easier; frequently used and important elements have been incorporated into them.
- Saved filters: lists all the filters the user has saved.
- Unsaved: a set of filters loaded from your cache. This option will be available shortly.
Note: Filter cannot be used when ‘Show Aggregated View’ option is enabled.
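The filters above (cluster, namespace, a set of severity levels, a trailing time window) and the SIEM forwarding described at the top of this page can be exercised outside the UI. The following is an added example, not Xcitium's own code or Feeder agent logic: it filters a constructed batch of alert records the way the alerts view does and then formats the survivors as RFC 5424 syslog lines (what Rsyslog ingests) and as a Splunk HTTP Event Collector (HEC) request. Only the field names Cluster_name and Flow_IP_destination come from the product's filter UI; the rest of the record schema, the severity-to-syslog mapping, the hostnames and the token are assumptions for illustration.

```python
"""Filter Xcitium-style alert events and format them for Rsyslog and Splunk HEC.

Added example. The alert schema is constructed for illustration; only the field
names Cluster_name and Flow_IP_destination come from the product's filter UI.
"""
import json
from datetime import datetime, timezone

# Severity names offered by the alert filter, mapped to RFC 5424 syslog severity
# codes (crit, err, warning, notice, info). The mapping is an assumption.
SEVERITY_TO_SYSLOG = {"Critical": 2, "High": 3, "Medium": 4, "Low": 5, "Info": 6}

# Fixed reference clock so the example is deterministic (constructed value).
NOW = 1_700_000_000

# Time-window bounds mirror the UI's "5 minutes to 60 days" increments.
MIN_WINDOW_MINUTES = 5
MAX_WINDOW_MINUTES = 60 * 24 * 60

# Constructed sample alerts (not real product output).
SAMPLE_ALERTS = [
    {"id": "a1", "timestamp": NOW - 60, "severity": "Critical",
     "Cluster_name": "prod-eu", "Namespace": "payments",
     "Flow_IP_destination": "10.0.0.5", "rule": "unexpected outbound connection"},
    {"id": "a2", "timestamp": NOW - 2 * 3600, "severity": "Medium",
     "Cluster_name": "prod-eu", "Namespace": "payments",
     "Flow_IP_destination": "10.0.0.9", "rule": "shell spawned in container"},
    {"id": "a3", "timestamp": NOW - 120, "severity": "High",
     "Cluster_name": "dev", "Namespace": "default",
     "Flow_IP_destination": "192.168.1.20", "rule": "privileged container started"},
    {"id": "a4", "timestamp": NOW - 30, "severity": "Info",
     "Cluster_name": "prod-eu", "Namespace": "kube-system",
     "Flow_IP_destination": "10.0.0.1", "rule": "image pulled"},
]


def filter_alerts(alerts, cluster=None, namespace=None, severities=None,
                  window_minutes=None, now=NOW):
    """Apply the same criteria the alerts view offers: cluster, namespace, a set of
    severity levels, and a trailing time window measured back from `now`."""
    if window_minutes is not None and not (
            MIN_WINDOW_MINUTES <= window_minutes <= MAX_WINDOW_MINUTES):
        raise ValueError("time window must be between 5 minutes and 60 days")
    unknown = set(severities or ()) - SEVERITY_TO_SYSLOG.keys()
    if unknown:
        raise ValueError(f"unknown severity levels: {sorted(unknown)}")
    cutoff = None if window_minutes is None else now - window_minutes * 60
    selected = []
    for alert in alerts:
        if cluster is not None and alert["Cluster_name"] != cluster:
            continue
        if namespace is not None and alert["Namespace"] != namespace:
            continue
        if severities is not None and alert["severity"] not in severities:
            continue
        if cutoff is not None and alert["timestamp"] < cutoff:
            continue
        selected.append(alert)
    return selected


def to_syslog(alert, hostname="cnapp", appname="xcitium-alerts", facility=1):
    """Render one alert as an RFC 5424 line for Rsyslog: PRI = facility * 8 + severity,
    PROCID and STRUCTURED-DATA left as '-', the alert JSON carried as the MSG part."""
    pri = facility * 8 + SEVERITY_TO_SYSLOG[alert["severity"]]
    ts = datetime.fromtimestamp(alert["timestamp"], tz=timezone.utc)
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    msgid = alert["severity"].upper()
    return (f"<{pri}>1 {stamp} {hostname} {appname} - {msgid} - "
            f"{json.dumps(alert, sort_keys=True)}")


def to_hec_request(alerts, token, sourcetype="xcitium:alert"):
    """Build what Splunk HEC expects: POST /services/collector/event with an
    'Authorization: Splunk <token>' header and one JSON event object per line."""
    body = "\n".join(
        json.dumps({"time": a["timestamp"], "sourcetype": sourcetype,
                    "source": a["Cluster_name"], "event": a})
        for a in alerts)
    headers = {"Authorization": f"Splunk {token}",
               "Content-Type": "application/json"}
    return "/services/collector/event", headers, body


if __name__ == "__main__":
    urgent = filter_alerts(SAMPLE_ALERTS, cluster="prod-eu",
                           severities={"Critical", "High", "Medium"},
                           window_minutes=60)
    for alert in urgent:
        print(to_syslog(alert))
    path, headers, body = to_hec_request(urgent, "constructed-hec-token")
    print(path, headers, body, sep="\n")
```

The window check enforces the same 5-minute to 60-day bounds the UI offers, so a forwarder built on top of this cannot silently request a range the product does not expose. Whichever path you use (Feeder agent or channel integration), keep the HEC token and syslog destination out of source control and send syslog over TLS (RFC 5425) rather than plain UDP, since alert contents include cluster names and destination IPs.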
Alert Detail Panel - Click one of the events in the alerts list to view the details pane.
The Alert Detail contents vary depending on the selected component type of the alert event.