Devo Platform Release 8.8.20

Related products: Devo Platform

Hello everyone, the latest Devo Platform release is here! Release 8.8.20 brings a whole host of updates for Alerts, starting with the new triggered alert details page, which increases the number of actions you can take from one location. Next, a new search box lets you find triggered alerts by full or partial alert ID. The alert type field has received new values that better match how the alert was created. A new field called "info" was added to the audit table devo.audit.alert.definition, and a new audit table now records operations on triggered alerts. Find the full details of this release in this article.


Geo Availability

Region    Status
GovCloud  Released
CA        Released
US        Released
EU        Released
APAC      Released

New Features

New Triggered Alerts Details page

This page opens from the triggered alert ID and shows the alert in full detail. It is available even when the alert is grouped. The new page has two tabs:

  • Overview tab: alert details management
  • Annotations tab: alert annotations management

Search by Alert ID

A new search box was added to the Triggered Alerts page so you can search by full or partial alert ID. Find your alerts quickly with this new feature!

Redefined Type field when Grouping Alerts

Rebuilt for clarity of purpose: when grouping alerts, the type field now offers options that better match the action being taken. The old values (api_custom, default, custom, etcetera) are replaced by the following new values:

  • each
  • several
  • low
  • gradient
  • deviation
  • rolling
  • generic

 

New “info” field added to audit table devo.audit.alert.definition

A new JSON field, "info", has been added to this audit table. It contains the JSON of the alert request for each audited operation:

Operation        Content
Creation         Entire JSON of the alert creation request
Edit             Entire JSON of the alert editing request
Enable/Disable   An empty JSON
Deletion         An empty JSON


New audit table devo.audit.alert.triggered

This new audit table is available in all domains. The system logs to it, for audit purposes, all user activity related to triggered alert operations in the domain. The table has the same structure as devo.audit.alert.definition, except that the "info" field contains only the changed value.

The tracked changed values are:

  • Triggered alert status
  • Triggered alert priority
  • Triggered alert deletion
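One reason to care about this table is that closing, deleting, or marking alerts as false positives is exactly what an intruder with a compromised analyst account would do to cover their tracks. The following is an added example, not Devo code: it walks a handful of constructed audit events, decodes the numeric status codes using the mapping posted by a community member in the thread below, and flags any user who dismisses several alerts. The column names (user, operation, alertId, info) and the shape of the "info" JSON are assumptions made for the example; check the real devo.audit.alert.triggered schema in your domain before adapting it.

```python
import json
from collections import Counter

# Numeric status codes as posted in the comment thread below.
STATUS_NAMES = {0: "Unread", 1: "Updated", 2: "False positive", 100: "Watched", 300: "Closed"}

# Constructed sample events standing in for rows of devo.audit.alert.triggered.
# Column names and the layout of "info" are assumptions for this example.
SAMPLE_EVENTS = [
    {"user": "analyst_a", "operation": "status",   "alertId": "f1a2", "info": '{"status": 300}'},
    {"user": "analyst_a", "operation": "status",   "alertId": "f1a3", "info": '{"status": 300}'},
    {"user": "analyst_a", "operation": "status",   "alertId": "f1a4", "info": '{"status": 300}'},
    {"user": "analyst_a", "operation": "delete",   "alertId": "f1a5", "info": "{}"},
    {"user": "analyst_b", "operation": "status",   "alertId": "f1a6", "info": '{"status": 2}'},
    {"user": "analyst_b", "operation": "priority", "alertId": "f1a7", "info": '{"priority": 5}'},
    {"user": "analyst_b", "operation": "status",   "alertId": "f1a8", "info": '{"status": 999}'},
]


def _info(event):
    """Parse the 'info' column; an empty or missing value means no changed fields."""
    return json.loads(event.get("info") or "{}")


def describe(event):
    """Render one audit row as a human-readable change, decoding status codes."""
    info = _info(event)
    op = event["operation"]
    if op == "status":
        code = info.get("status")
        change = "status -> " + STATUS_NAMES.get(code, f"unknown({code})")
    elif op == "priority":
        change = f"priority -> {info.get('priority')}"
    elif op == "delete":
        change = "deleted"
    else:
        change = f"{op} {info}"
    return f"{event['user']} {change} on alert {event['alertId']}"


def is_dismissal(event):
    """True when the operation removes the alert from an analyst's queue:
    deletion, or a status change to Closed (300) or False positive (2)."""
    if event["operation"] == "delete":
        return True
    if event["operation"] == "status":
        return _info(event).get("status") in (2, 300)
    return False


def dismissals_per_user(events):
    """Count dismissals by user across the audit rows."""
    return Counter(e["user"] for e in events if is_dismissal(e))


def flag_bulk_dismissals(events, threshold=3):
    """Users whose dismissal count reaches the threshold, sorted for stable output."""
    counts = dismissals_per_user(events)
    return sorted(user for user, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(describe(event))
    print("bulk dismissals:", flag_bulk_dismissals(SAMPLE_EVENTS))
```

In production the events would come from a query against the audit table over a time window rather than an inline list, and the threshold would be tuned to the normal triage volume of the team; the point is that the table now gives you the raw material to detect alert suppression.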

Bug Fixes

Alert Bug Fixes

  • Fixed alert creation/cloning when the running alerts limit is reached
  • Fixed an error when clicking "go to query" on Monitoring Alerts

Flow Bug Fixes

  • Fixed duplicated triggered alerts after restart
  • Fixed alert recovery after upgrading flow
  • Fixed null creation date on some contexts


It would be great if the triggered alert table log would contain comments/annotations added by the analyst.
Also, what do those status values mean in the log?
I can see entries with status "1" and status "300".


Will there be plans to include other conditions for grouping alerts, other than SecOps name, e.g. priority or client in a multi-tenancy environment, and to include more conditions for filtering?


@aashishadhh I believe you can find the comments in the secops.alerts.enriched table, in the commentMsg field, if your analyst has written any comments.


Here’s the correlation for status:

  • Unread → 0
  • Updated → 1
  • Watched → 100
  • False positive → 2
  • Closed → 300



@kengwong.lee In SecOps you can filter by priority. As for client in multi-tenancy, let me ask around whether it’s possible yet, or else I will ask for a feature request.


@kengwong.lee In SecOps you can filter both by priority and by subdomain. This option only appears if you’re working on a multi-tenant domain. Use it to filter by child domains.


Thank you @hitesh. I also have some responses from the Product team:

@aashishadhh 

Yes, we plan to audit actions on annotations once we provide the feature to edit/delete them. The status number refers to the status described here: https://docs.devo.com/space/latest/528973959/Change+triggered+alerts'+status

The relationship between numerical values and status/priority values is detailed in this article:
https://docs.devo.com/space/latest/95206409/Alerts+monitoring


@kengwong.lee 

Yes, we are planning to add more filtering and grouping conditions. Please let us know if you find value in Grouping by Priority; your feedback can influence development!


Thank you great updates!