When a large number of signals is generated, for example by a misconfigured security rule or a customer outage, the signals are pushed to the burst queue once the ingestion rate exceeds the subscription plan's limit. Previously, the signals in this burst were handled on the backend; now you can manage them directly from the "Manage Burst Queue" option on the Signals page in Resolution Intelligence Cloud.
Here, you can choose to either delete these signals or prioritize them for processing. Once processed, the raw signals appear on the Signals page. Filters are also available to help you sort through the signals based on your criteria.
Managing alert burst control signals
Use this procedure to manage alert burst control signals. You can delete or prioritize signals as needed. This option is visible when a signal burst occurs.
To manage burst queue signals:
1. Navigate to the Signals page from the hamburger menu.
2. Click Manage burst queue. This opens the burst queue, where you can view the total number of signals in the alert burst queue.
3. Review this information:
- External Signal ID: The unique identifier for the external signal.
- Subject: The subject of the external signal.
- Priority: The priority assigned to the external signal.
- Metric/Rule Name: The name of the rule that triggered the signal.
- Ingested Source: The source from which the signal was ingested.
- Actual Source: The low-level source on which Chronicle raised the detection. The actual source is null for OpsRamp signals.
- Created Time: The timestamp of when the signal was created.
Searching Signals
Use the search field at the top of the Burst Queue page to search for signals by subject, priority, metric/rule name, or external signal ID.
Filtering Signals
- Date Range: Filters signals based on their creation date. By default, the last 7 days of signals are displayed. You can customize the date range by selecting a specific "From" and "To" date. The available options are:
  - Last 24 Hours: Displays signals generated in the past 24 hours.
  - Last 7 Days: Displays signals generated in the past 7 days.
  - Last 1 Month: Displays signals generated in the past month.
  - Last 3 Months: Displays signals generated in the past 3 months.
  - Custom Date Range: Allows you to define a specific start and end date for viewing signals.
- Metric/Rule Name: Filters signals based on the rule name that triggered them.
- Priority: Filters signals based on priority levels, such as P0, P1, P2, or P3.
- Ingested Source: Filters signals based on the source from which they originated, such as OpsRamp or Chronicle.
Managing Columns
Use the Manage Columns feature to control which columns are displayed on the Burst Queue page, giving you a customized view of the external signal data.
Deleting Signals
To delete multiple signals from the burst queue, select the group of signals and use the Delete option.
Prioritizing Signals
You can also prioritize signals in the burst queue and send them to the priority queue for processing. To do this, select the signals and choose the Prioritize option.
Using the Ellipsis Icon
Each signal has an ellipsis icon (⋮) beside it, which provides additional options. You can use this icon to either delete the signal or process it to the priority queue.
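To make the behaviour described on this page concrete, the following is an added example (not Resolution Intelligence Cloud code and not its API) that models how signals overflow into a burst queue once a per-minute plan limit is exceeded, then applies the page's filters (date range, priority, metric/rule name, ingested source) and the Delete and Prioritize actions to a constructed set of signals. The plan limit, signal values and function names are all assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data; field names mirror the Burst Queue columns above.
NOW = datetime(2024, 6, 1, 12, 0, 0)
PLAN_LIMIT_PER_MINUTE = 2  # assumed subscription limit, not a real plan value

def sig(ext_id, subject, priority, rule, source, age):
    return {"id": ext_id, "subject": subject, "priority": priority,
            "rule": rule, "ingested_source": source, "created": NOW - age}

SIGNALS = [  # five signals land in the same minute, one arrived ten minutes earlier
    sig("EXT-1001", "Suspicious login", "P1", "brute_force", "Chronicle", timedelta(seconds=60)),
    sig("EXT-1002", "Suspicious login", "P2", "brute_force", "Chronicle", timedelta(seconds=50)),
    sig("EXT-1003", "Disk full", "P0", "noisy_rule", "OpsRamp", timedelta(seconds=40)),
    sig("EXT-1004", "Disk full", "P3", "noisy_rule", "OpsRamp", timedelta(seconds=30)),
    sig("EXT-1005", "Disk full", "P3", "noisy_rule", "OpsRamp", timedelta(seconds=20)),
    sig("EXT-1006", "CPU high", "P3", "noisy_rule", "OpsRamp", timedelta(minutes=10)),
]

def split_into_queues(signals, limit_per_minute):
    """Signals beyond the per-minute limit are diverted to the burst queue."""
    per_minute, processed, burst = Counter(), [], []
    for s in sorted(signals, key=lambda s: s["created"]):
        minute = s["created"].replace(second=0, microsecond=0)
        per_minute[minute] += 1
        (processed if per_minute[minute] <= limit_per_minute else burst).append(s)
    return processed, burst

def filter_burst(burst, days=7, priority=None, rule=None, source=None, now=NOW):
    """Apply the page's filters; the default window is the last 7 days."""
    since = now - timedelta(days=days)
    return [s for s in burst if s["created"] >= since
            and (priority is None or s["priority"] == priority)
            and (rule is None or s["rule"] == rule)
            and (source is None or s["ingested_source"] == source)]

def delete_signals(burst, ids):
    """Delete the selected signals from the burst queue."""
    return [s for s in burst if s["id"] not in ids]

def prioritize_signals(burst, ids):
    """Move selected signals to the priority queue; returns (remaining, priority_queue)."""
    priority_queue = [s for s in burst if s["id"] in ids]
    return delete_signals(burst, ids), priority_queue

if __name__ == "__main__":
    processed, burst = split_into_queues(SIGNALS, PLAN_LIMIT_PER_MINUTE)
    noisy = filter_burst(burst, rule="noisy_rule", priority="P3")
    remaining = delete_signals(burst, {s["id"] for s in noisy})
    print(len(burst), "in burst queue;", [s["id"] for s in remaining], "left after delete")
```

Running the module shows three of the six constructed signals diverted to the burst queue and a single P0 signal left once the P3 noise from the misconfigured rule is deleted.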