Gain Insight about Alerts

This optic is available only if ArcSight ESM is integrated with ArcSight Platform and the Multi-tenancy feature is enabled.

Select Dashboard & Reports > Optics > Alerts Outlook.

With the Alerts Outlook optic, you view key indicators like the alert categories that are causing a high volume of alerts, tenants and network zones that have been most affected, and entities that have been most targeted during the specified time. You can also drill down into specific areas to gather more details for further investigation, analyze the root cause, and take appropriate action.

The Alerts Outlook optic consists of the widgets that display alert data for the specified time and filter criteria. By default, all widgets display alert data for the last three days for all tenants, lines of business, industries, and priority between medium to high.

To view alerts for a specific tenant, select the tenant name from the tenant list in the top navigation bar.

The images shown in the subsequent topics are for illustration purposes only.