The Alert Management page displays the rules for managing alerts in NSX Network Detection and Response.
NSX Network Detection and Response matches the events against the user-defined filters contained in these rules. Matching events are converted to INFO
events (Demote) in the NSX Network Detection and Response UI, are deleted, or are assigned a custom impact value based on the selected action.
The Custom rules list defines the alert rules.
The quick search text box above the list provides the as-you-enter search feature. It filters the rows in the list, displaying only those rows that have text, in any column, that matches the query string.
Click on the right side of the page to add a new alert rule. The Manage alert sidebar is displayed. See Working with the Manage Alert Sidebar for details.
You can customize the number of rows to be displayed. The default is 25 entries. To navigate through multiple pages, use the pagination icons.
Column Name | Description |
---|---|
Rule Name | The name of the alert rule. To sort the list by rule name, click in the list header . |
Expression | The matching expression of the rule is a number of filters that are matched against events. The expression may be truncated if it is too long. Expand the row to display the full content of the rule by clicking or anywhere on the entry row. To sort the list by expression, click in the list header. |
Rule Action | The rule action defines what to do with an event that matches the expression: The rule name is appended to the action as a custom tag, for example To sort the list by rule action, click in the list header. |
Last Modified | The date and time of the last modification of the rule. |
Actions | To view/edit the rule, click . The Manage alert sidebar displays to allow you to view or make changes to the rule. To remove the rule, click . |