When data triggers a rule, an alert is created. The alert is an entry in the Perch console. Each alert contains the data and/or metadata of the packet/payload that triggered the rule. When an alert is generated it also triggers a siren to go off in our SOC pit, causing widespread panic and mayhem, followed by investigation and escalation if necessary.
Your latest 3 alerts are shown right on the dashboard (if you have any), or you can view alerts from the alert dashboard by clicking the alert icon in the menu. On the alert dashboard alerts are grouped by host, so that you can focus on the hosts that are experiencing the largest number of alerts.
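As an added illustration of the two behaviours described above (an alert carries the data and metadata of the packet that triggered a rule, and the dashboard groups alerts by host with the noisiest hosts first), here is a small model in Python. It is not Perch's own code; the rule names, byte patterns and packets are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    needle: bytes          # byte pattern the rule looks for in the payload

@dataclass
class Alert:
    rule: str
    host: str
    metadata: dict         # packet metadata (src, dst, proto) stored with the alert
    payload: bytes         # the payload that triggered the rule

# Constructed toy rules, not a real rule set.
RULES = [
    Rule("cleartext-credential-in-http", b"password="),
    Rule("deprecated-tls-version", b"\x16\x03\x01"),  # TLS 1.0 record header bytes
]

def evaluate(packet: dict, rules=RULES) -> list[Alert]:
    """Create one Alert per rule the packet's payload triggers."""
    payload = packet["payload"]
    meta = {k: v for k, v in packet.items() if k != "payload"}
    return [Alert(r.name, packet["src"], meta, payload) for r in rules if r.needle in payload]

def group_by_host(alerts: list[Alert]) -> list[tuple[str, list[Alert]]]:
    """Host view of the alert dashboard: hosts with the most alerts first."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    return sorted(by_host.items(), key=lambda kv: (-len(kv[1]), kv[0]))

def latest(alerts: list[Alert], n: int = 3) -> list[Alert]:
    """The 'latest N alerts' strip on the main dashboard; alerts arrive in time order."""
    return alerts[-n:][::-1]

# Constructed sample packets: metadata plus payload, as a sensor would hand them over.
PACKETS = [
    {"src": "10.0.0.5", "dst": "203.0.113.9", "proto": "tcp", "payload": b"GET /login?user=a&password=b HTTP/1.1"},
    {"src": "10.0.0.7", "dst": "203.0.113.9", "proto": "tcp", "payload": b"\x16\x03\x01\x00\x2a"},
    {"src": "10.0.0.5", "dst": "198.51.100.2", "proto": "tcp", "payload": b"POST /api password=hunter2"},
    {"src": "10.0.0.9", "dst": "198.51.100.2", "proto": "udp", "payload": b"ping"},
    {"src": "10.0.0.5", "dst": "203.0.113.9", "proto": "tcp", "payload": b"\x16\x03\x01\x01\x00"},
]

ALERTS = [a for p in PACKETS for a in evaluate(p)]   # 4 alerts: three from 10.0.0.5, one from 10.0.0.7
```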
The above is an example of an alert as seen in the app. Let’s break it down:
Curious about what to do with your alerts and how to suppress them? Learn about suppressing alerts in our other post.