Viewing Alerts Events


The Alerts tab (on the Monitoring Results page) displays a list of all alert events, and thereby allows all alert event to be viewed in one place.

Whenever an alert is triggered, a new record of the alert event that occurs is added to the list displayed in the grid.


To be able to view the Monitoring Results page, including the Alerts tab, a Management Tool user needs to have the administrative Viewing Monitoring Results permission

NOTE: A Management Tool user can only view those alert events for which they have the relevant so-called "User to User" access permissions for, on the User Access tab (configured when editing/adding their Management Tool user or user group on the User Management page).


The following information about the alert events is displayed in the corresponding columns:

Play: The icon can be clicked to open the corresponding session (in a new browser tab) in the Session Viewer, where the Session Player is paused at the specific place in the session where the alert was triggered.

• Alert ID: The unique ID of the alert event.

• Risk: The risk level of the alert (where the color of the alert icon corresponds to the alert risk level detected), as follows:

- Alerts with the Critical risk level are indicated by a red () icon.

- Alerts with the High risk level are indicated by an orange () icon.

- Alerts with the Normal risk level are indicated by a blue () icon.

• Name: The name of the alert triggered.

• Description: A description of the alert.

• What: The user activity that triggered the alert.

• Who: The user name of the user who triggered the alert.

• Where: The name of the Client computer on which the alert was triggered.

• When: The date & time when the alert was triggered.

• Keywords: The value(s) defined in the alert rule(s) that triggered the alert.

: The Settings icon can be clicked to edit the alert which was triggered (on the Alert Management page).

The grid automatically refreshes every 60 seconds.


To filter the alert records displayed in the grid, click the required filter (Risk, Name, OS, Who, When, and Where) at the top of the page, and select one or multiple checkboxes as required (the data can be filtered by multiple filters at once).

To search the records, enter a keyword into the Search field (in the top right of the page).

To sort the records, click the required column header. The column sort order can be changed from descending to ascending, or vice versa, by clicking the column header again, and is indicated by the up/down arrow icon in the column header (the records can be sorted by any column except the Description column, and can only be sorted by one columns at a time). 

NOTE: If the data is not sorted by a column, the Sort arrow is not shown in the column header.

To adjust the width of the columns, place the cursor over the separator between the required column headers, and drag and drop the separator left or right, as required.

To change the number of records displayed per page (if there are more than 50 alert events), click the Load More button (at the bottom of the page) to display an additional 50 records each time it is pressed.