Bulletin board events
The Bulletin board events view provides detailed information about the selected alarm events and is useful for isolating specific events and/or the violators behind them. The view is accessible by clicking on a policy in the Bulletin boards by policy view or a violator in the Bulletin boards by violator view. Filters can be applied to most columns in this view, and the list of events can also be sorted on those columns. The Action menu provides additional actions that can be applied to specific alarm events.
The columns available in this view are:
Action - A dropdown menu of available actions per event is provided in this column. Actions available may include excluding the various IP addresses from the Flow Analytics algorithm, viewing the raw flows for the alarm, viewing all alarms for the violator address, and several IP address lookup options (GEO IP, Google, HTTP, etc.).
Checkbox - Check this box to acknowledge specific events, or check the box in the header row to select all events for acknowledgment.
The remaining columns are all both sortable and searchable:
Violator Address - IP address that triggered the alarm event.
Host - IP address that the Violator Address was communicating with to trigger the alarm event.
Users - Displays the user(s) associated with the violator address while the alarm is active.
Alarm Time - The time the alarm occurred, or the time the alarm was first issued in the case of aggregated alarms.
Recent Activity - The most recent time an alarm was observed for an aggregated alarm. This will display “N/A” for a single alarm incident.
Duration - Displays the time an aggregated alarm has been active. This is the difference between the Recent Activity time and the Alarm Time. This will display “N/A” for a single alarm incident.
Events - Displays the number of individual five-minute periods an aggregated alarm has been active without a break in activity longer than the “Aggregated Alarm Timeout”.
Board Name - The name of the Bulletin Board that this event is posted to.
Message - This column provides the full message text of each alarm event.
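How the Alarm Time, Recent Activity, Duration and Events columns relate for aggregated alarms, as an added Python model that is not the product's own code. The function names, the 30-minute timeout, the sample timestamps and the way a gap is measured (between the start times of consecutive periods) are assumptions made for illustration.

```python
from datetime import datetime, timedelta


def aggregate_alarms(period_starts, timeout):
    """Collapse the five-minute periods in which one alarm fired into rows.

    A gap between consecutive periods longer than `timeout` (standing in for
    the "Aggregated Alarm Timeout") closes the current row and opens a new one.
    """
    rows = []
    for ts in sorted(set(period_starts)):
        if rows and ts - rows[-1]["last_seen"] <= timeout:
            # Still within the timeout: extend the current aggregated alarm.
            rows[-1]["last_seen"] = ts
            rows[-1]["events"] += 1
        else:
            rows.append({"alarm_time": ts, "last_seen": ts, "events": 1})

    view = []
    for row in rows:
        aggregated = row["events"] > 1
        view.append({
            "Alarm Time": row["alarm_time"],
            # Single alarm incidents show "N/A" in these two columns.
            "Recent Activity": row["last_seen"] if aggregated else "N/A",
            "Duration": (row["last_seen"] - row["alarm_time"]) if aggregated else "N/A",
            "Events": row["events"],
        })
    return view


def sample_rows():
    """Constructed sample: minutes after midnight at which the alarm fired."""
    day = datetime(2024, 1, 15)
    minutes = [600, 605, 610, 640, 720, 725, 900]  # 10:00 ... 15:00
    periods = [day + timedelta(minutes=m) for m in minutes]
    # Assumed timeout value; the real setting is configured in the product.
    return aggregate_alarms(periods, timeout=timedelta(minutes=30))


if __name__ == "__main__":
    for r in sample_rows():
        print(r)
```

The 30-minute gap between 10:10 and 10:40 does not exceed the assumed timeout, so those periods stay in one row, while the 80-minute gap before 12:00 starts a new one.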