Privileged Behavior Alerts

alt

Use the search field to locate specific Alerts by searching on text from any of the rows in the table. Columns include:

  • Severity: whether the event justified an Alert (serious event) or a Warning (minor event)
  • Score: the numerical score given to the event depending on its severity and the severity of incorporated events
  • User: the Verify Privilege Vault User who caused the Alert; clicking their name opens the User Details page
  • Range of Activity: the time span within which the Alert occurred; includes an optional timeline graphic
  • IP Addresses: the IP addresses used during the alert period with links to each IP Details page
  • Secret Accesses: any Secrets accessed during the time span of the Alert that contributed to the Alert; clicking on the Secrets opens the Secret Details page
  • Admin Actions: any administrative actions taken in Verify Privilege Vault during the time span of the Alert that may have contributed to the Alert; clicking on the Admin Actions listed displays the table of all administrative activity for that User
  • Temporal Behavior: a time entry will be listed here if the Alert occurred at a time the User does not normally access the Secrets involved in the Alert; clicking on the time entry will display the User’s Temporal Data.
  • Actions: provides options to See details bout the alert, Dismiss the alert as normal behavior, or Clear & Watch the alert as abnormal behavior

    • To further investigate the Alert, view details and a timeline, log actions you have taken on the Alert, adjust the importance of any involved Secrets, or provide feedback to IBM Security on the usefulness of the Alert, click See details.

      alt

    • Clicking Dismiss or Clear & Watch removes the alert from the page and saves it to Historical Behavior Alerts

Historical Behavior Alerts

The Historical Behavior Alerts page archives Alerts after they have been cleared from an Active state.

You can reach the Historical Behavior Alerts by navigating to Alerts > Historical Behavior Alerts.

alt

In viewing Historical Behavior Alerts, note these fields:

  • Changed by: the VP-VA User who cleared the Alert
  • Notes: notes left on the Alert before it was cleared