Viewing Alert Details and Replaying Sessions with Alerts
In the Alerts page of the ObserveIT Web Management Console, you can view the names, user risk level, and status of all generated alerts, organized by date/time and color-coded per risk level. In Details mode, you can view details of the conditions that triggered the alert; you can see exactly "Who?" "Did what?" "On which computer?", "From Which client?" and "When?". See Monitoring Alerts.
The following procedures describe how to view the details of an alert assigned to a risky user, and how you see a video replay of the user session in which the alert occurred (see also Viewing Alerts in the Session's Video).
To view the alert rules that caused an alert to be triggered for a risky user
- In the Risky Users area of the User Risk Dashboard, locate the user you are investigating.
- In the Alerts list alongside the user, click the specific activity alert that you want to investigate.
A new browser tab opens the Alerts page in the Management Console, displaying the activity alert. By clicking the alert, the exact alert details are displayed, as shown in the following example:
The alert details show who, did what, on which computer, from which client, and when the action(s) occurred.
- You can click the View rule details link to view details about the alert rule in summary form.
A popup window opens, displaying a summary of the alert rule conditions that triggered the alert.
To see a video replay of the user session in which the alert occurred
- In the Alerts page, click the Video icon next to the alert.
-
The Session Player opens. While replaying the session, you can see the alert indication on the timeline bar and also next to the user activity that triggered the alert (in the User Activities List).
-
In the Alert Details Panel, you can view a summary of the alert activity including alert name, severity, conditions, and the number of alerts in the session in the upper right corner (1/1 in the example).
On the replay timeline bar, you can hover over the alert icon to view the alert rule name. For further details, see Viewing Alerts in the Session's Video.