/
Filtering the Alarms & Alerts Page

Filtering the Alarms & Alerts Page

This page displays the tickets created from incidents—alarms and alerts. These tickets include information such as:

  • Time created

  • Type of incident

  • Subject of the ticket

  • Impact level of the ticket

  • Source IP of incident

  • Destination IP

  • Ticket Status

  • Closure Code

For more information on events, alarms, and alerts, see Introduction to Events, Alerts, and Alarms.

You can find even more information by clicking the ticket to open it. 

On this page, you can also suspend users from Office 365, Okta, or Duo.

To find the ticket you're looking for, you can use the filter tools to create criteria that filter out the tickets you don't want to see. You can create criteria based on:

  • Dates

  • Keywords

  • Type: Alerts, alarms, or both

  • Status: All, awaiting SOC, open, or closed

  • Impact: High, medium, low, or all

You can combine some or all of these criteria, and they will all be applied to focus the tickets list.

Filters are active until you remove them, even if you navigate to another page. When you return to the dashboard, the filter will still be in place.

FilterTableArrowsExport.png
Raw Events

The Raw Event field shows information on the event that triggered the incident, in an unprocessed state. This data will be in its raw format or protocol, whether that is xml, json, or syslog.

To filter the list of tickets

  1. In Barracuda XDR Dashboard, click Intelligence > Alarms & Alerts.

  2. In the From box, select a date.

  3. In the To box, select a date

  4. Do any of the following:

    • In the Type area, click All, Alerts, or Alarms.

    • In the Status area, click All, Awaiting SOC, Open, or Closed.

    • In the Impact area, click All, High, Medium, or Low.

  5. Click Search.

For more information about what you can do with tickets, see Viewing Tickets on the Alerts & Alarms Page.

You can also:

 

 

 

 

Contact Us
Barracuda Campus
Barracuda Support