Configure ThreatSync+ NDR Smart Alert Controls
Applies To: ThreatSync+ NDR
The Smart Alert Controls list is an ordered set of rules to filter Smart Alerts. You use the list to view and configure the types of Smart Alerts that ThreatSync+ NDR ignores.
When you close a Smart Alert and select the option to ignore and automatically close similar Smart Alerts, ThreatSync+ NDR automatically creates a rule and adds it to the Smart Alert Controls list when they occur. The list shows the types of Smart Alerts that ThreatSync+ NDR ignores, based on the source organization, major actors, ports, and destination levels of the Smart Alert.
From this list, you can disable rules so that they no longer run, enable rules that you previously disabled, or delete rules to remove them from the list.
If you disable or delete a rule, every new Smart Alert is no longer ignored and shows on the Monitor > ThreatSync+ NDR > Smart Alerts page. If you enable a previously disabled rule, all new Smart Alerts that meet the criteria are ignored and will not show on the Smart Alerts page.
The Smart Alert Controls page shows every closed Smart Alert where the Ignore Similar Smart Alerts check box is selected.
The Smart Alert Controls page shows these columns:
- Status — Status of the Smart Alert. The status can be Enabled or Disabled.
- Time Last Changed — Date and time of the last change to the Smart Alert.
- User — The email address of the user that closed the Smart Alert.
- Smart Alert — The type of Smart Alert that was closed. For example, Probing or Reconnaissance Activity.
- Behavior — The type of behavior that should be ignored. For example, Horizontal Port Scan.
- Rule Description — The description of the rule that was selected to be ignored. This is either the default rule, or the specific properties you selected in the advanced options when you closed the Smart Alert.
To configure ThreatSync+ NDR Smart Alert Controls:
- Select Configure > ThreatSync+ NDR > Smart Alert Controls.
The Smart Alert Controls page opens.
- Select the check box next to one or more Smart Alerts.
- Click .
- To change the status of the rule, select Disable, Enable, or Delete.
For more information, go to Review Smart Alert Details.