Snooze alerts for later analysis
This task is part of a workflow defined in Working with Alerts Based on Firewall Events.
Snooze alerts when they are of lesser priority, as compared to other alerts. For example, if your organization is repurposing an email server as an FTP server, and the system generates an Emergent Profile alert (indicating that an entity's current traffic matches a behavior profile that it did not previously match), you can snooze this alert as it is intended behavior, and revisit it at a later date. A snoozed alert does not show up with the open alerts; you must specifically filter to review these snoozed alerts.
Snooze an alert:
Procedure
Step 1 | Click Close Alert. |
Step 2 | In the Snooze this alert pane, select a snooze period from the drop-down. |
Step 3 | Click Save. |
What to do next
When you are ready to review these alerts, you can unsnooze them. This sets the status to Open, and displays the alert alongside the other Open alerts.
Unsnooze a snoozed alert:
-
From a snoozed alert, click Unsnooze Alert.