Analyze your alerts to get information on possible attack threats.
In WSA, you can view alerts by clicking the Alerts tab in the column on the left. If any alerts were active in the selected time range, the column displays triggered alerts and automatically selects the most recent alert, the details of which then appear in the main area.
You can use the left-hand column’s View menu to display alerts filtered by the following categories: Triggered, Enabled, Disabled, Deleted, Customer (customer-owned), Akamai (Akamai-owned), or All.
After you select the appropriate category and click an alert entry in the list, alert details appear on the right.
The information you can view here includes the alert filter, threshold, sensitivity type, and other alert settings such as the priority or the owner.
To the right of the Alert Details section is a count of triggered alerts in the currently analyzed time range.
Clicking an entry in the Occurrences list starts an analysis of an alert. The alert’s filter and the occurrence time range are applied to the data in the Statistics View and the dimension values for your analysis appear in Results.
When you hover the cursor over the chart, you can see the names of alerts that were triggered during a specific time frame. Each alert priority is denoted by a different color that overlays the chart.
You can select an alert from the list that appears on hover to highlight the alert on the chart. Selecting an alert this way also shows its details, occurrences, and configuration events.
The entries in Configuration Events show the actions performed on an alert—such as its creation, modification, or deletion—in the currently analyzed time range. Configuration events provide the following information:
- The timestamp of the event
- The action (created, edited deleted, etc.)
- The user who made the change
- Any comments the user entered
All configuration events are also visible on the chart.