Resetting an alert means taking it out of the triggered state and clearing the history of all the current instances that caused it to be triggered in the first place.
When an alert is reset, it no longer appears on the Triggered Alerts portlet or as a highlighted item on the Alerts page. If the conditions that match the alert return, a new alert is triggered, new email is sent to subscribers, and the alert displays in the usual places in the console.
An alert can be reset manually or automatically:
- Manual reset – You manually reset an alert by clicking its Reset button on the Triggered Alerts portlet, the Alerts page, or the Alert History page. In addition to resetting the alert, this action adds a Reset event to the alert history, with a time stamp and the account name of the console user who performs the reset.
- Automatic reset due to a time limit – If Auto Reset is enabled for an alert, you can set a time period for an automatic reset. If the alert has not been reset manually or because of change in conditions by the time this time period expires, it us automatically reset. The default value is four weeks. If you want to allow automatic resets for changes in alert conditions but do not want an alert to auto reset based on time, you can use a very large number of weeks as the value in this field. A time-based automatic reset adds an Auto-Reset event to its history together with a time stamp. Alert email is not sent for automatic resets.
- Automatic reset due to changed conditions – If Auto Reset is enabled for an alert, changes in the conditions that triggered the alert can automatically reset the alert. If the conditions that trigger an alert instance no longer exist, that instance is removed from the list of triggered instances . If no triggered instances currently exist for an alert class, the alert notification is reset automatically. The conditions that trigger resets differ from one alert type to another, and some types do not auto reset in this way (although they still can auto reset by time period). An automatic reset of an alert adds an Auto-Reset event to its history together with a time stamp and the user making the change listed. Alert email is not sent for automatic resets.
| Alert Type |
Reset Condition |
|---|---|
| Backup Missed Alert |
Resets when backup is successful. |
| Database Limit Reached |
Resets when database size falls below the threshold. |
| Database Verification Failed |
Resets when database verification succeeds. |
| Potential Risk or Malicious File Detected |
Resets when none of the files that triggered the alert (or would have if they had been detected first) are present. |
| Carbon Black File Reputation Unavailable Alert |
Resets when your Carbon Black App Control Server reconnects to Carbon Black File Reputation and synchronization of CDC data with the server is operating properly; generates an event. |
| Local Approval Alert |
Resets when no machines are in Local Approval mode. |
| File Prevalence |
Resets if the prevalence of the specified file falls below the specified threshold. |
| Baseline Drift |
Resets when the drift in the report falls below the threshold for the specified parameter (user, computer, or policy). |
| Computer Security |
Resets when the conditions leading to it are no longer met (if this change is detectable). |
| Approval Request Alert |
Resets if enough approval requests are Closed that the total number in New or Open state goes below the triggering threshold. |
| Justification Alert |
Resets if enough justifications are Closed that the total in New or Open state goes below the triggering threshold. |
| File Propagation and Block Propagation Alerts |
No conditional reset because they are time-based alerts. For example, if an alert determined that a particular file propagated to 20 percent of your machines in a one-hour period, no future event can change what happened during the one-hour period in the past, so the alert remains triggered. Automatic reset by Auto Reset time period only. |
| Updater Modified Alert |
No conditional reset; after an updater is modified, it remains modified. Automatic reset by Auto Reset time period only. |
| Rapid Config Alert |
No conditional reset; after a Rapid Config is modified, it remains modified. Automatic reset by Auto Reset time period only. |
| New Certificate Alert |
No conditional reset. Automatic reset by Auto Reset time period only. |
| Revoked Certificate Alert |
No conditional reset. Automatic reset by Auto Reset time period only. |
| Event Alert |
No conditional reset. Automatic reset by Auto Reset time period only. |
| System Health OER Alert |
Resets when no OER indicators on the System Health page show an issue. |
