Overview

Overview of Sentinel Web Alerts

The Sentinel Web Alerts module provides flexible monitoring for the critical equipment on which your operations depend. It builds on SmartSignal’s early failure detection, with capabilities that support you throughout the alert management lifecycle.

The heading of the Alerts page contains the following buttons:

: Displays the asset hierarchy.
: Displays the pre-defined filter sets that you can use to filter the alerts. The filter set that is currently applied to filter the alerts along with the number of alerts that meet the filter criteria appear next to .
: Refreshes the Alerts page to display the new alerts that match the applied filter set. By default, the Alerts queue is refreshed only when you select . However, you can enable auto-refresh for the view to be automatically refreshed in specific intervals by selecting the time interval in the drop-down list box next to . Disabling auto-refresh prevents new alerts from loading until you manually refresh the queue.
Note: When you select an interval time to refresh the Alerts Inbox view and Alerts Grid view, your selection persists between both views so you can get the most recent results. Your filter and grid customizations also persist after refreshing.
: Exports all alerts to a CSV file and downloads the CSV file to your local drive.
: Switches the view to Alerts Grid view which displays the alerts in a tabular format.
Note: When you are in the Alerts Grid view, the button changes to and you can select this button to switch the view to Alerts Inbox view.

Alerts are displayed in a queue once the Alerts microapp has opened. The filter My Alerts opens by default. The other default filters can be accessed by selecting

next to the filter name:

Active Alerts: All alerts currently active
Unclaimed: Not yet assigned or claimed
All Alerts: All alerts in the database
My Alerts: Claimed by you

You can sort the queue by Time Received, Severity, or Alert Name. If you sort the alert inbox by Time Received, Severity, or Alert Name, the sorting persists when you switch to the Alerts Grid view. Once you have done the initial sorting, you can further sort by Ascending or Descending.

From the queue, each alert displays the following information when available:

Alert name, severity, and the number of latched alerts displayed in parentheses between the severity and alert name. If there are no latched alerts, then nothing displays between the severity and alert name.
Incident count next to the alert name.
Date the alert was received.
Status of the alert.
Asset ID and site name.

An alert selected from the queue provides information about the alert and acts as a repository for notes and evidence pertaining to the alert.

About Alert Details Page

The Alert Details page displays the information about a given alert. The Alert Details page is divided into multiple sections to provide the functionalities or information about a selected alert. You can access these sections in the following ways:

By scrolling the Alert Details page.
By selecting the icon corresponding to the section in the shortcut menu.

The shortcut menu in the Alert Details page provides an easy way to access any section in the page. The menu contains icons corresponding to each section of the Alert Details page and appears near the scroll bar.

By default, the sections of the Alert Details page are expanded. However, you can collapse a section by selecting the heading of the section.

The Alert Details page contains the following sections:

Alert Header

The Alert Header contains basic information about the alert:

Alert name and severity: Select to display a tooltip with an alert description, date and time for receipt of the alert.
Alert status and disposition: The Disposition drop-down list box for the alert appears when a claimed alert has a New or Assigned status. If the alert has already been processed, the page displays the previously selected disposition.
Claim Alert button, based on the status of the alert.
Create Case button: This button appears when you have claimed an alert.
Actions menu: , where you can release a claim, assign an alert, or mark the alert as dismissed.

Alert Information

In the shortcut menu, the

icon represents the Alert Information section. This section contains the following information on the alert and the asset associated with the alert:

Timestamps of the first and last occurrences of the alert: These values indicate the last processed and last observation timestamps of the alerts.
Name of the owner of the alert
Asset Name
Asset Path

Scan Group Data

In the shortcut menu, the icon represents the Scan Group Data section. This section provides tag names and values for the tags that contribute to the alert.

Charts

In the shortcut menu, the icon represents the Charts section. This section provides a link to the associated alert chart on the Charts page. Accessing the link opens the template in a new browser tab.

Notes

In the shortcut menu, the icon represents the Notes section. You can use this section to read and add public notes related to the alert.

Asset Information

In the shortcut menu, the icon represents the Asset Information section. This section lists the name of custom attributes and their values for the asset associated with the alert. If there are no custom attributes available for the asset, the section will not contain any data. Additionally, you can hide the custom attributes for which no value is configured by selecting the Hide empty values check box.

Linked Cases

In the shortcut menu, the icon represents the Linked Cases section. This section displays a list of cases created by the alert. You can select to link a case to the alert.

Evidence

In the shortcut menu, the icon represents the Evidence section. You can use this section to upload images and documents related to the diagnosis of the issue. You also can view saved alert charts. You can select to upload new files related to the alert.

About Alert Severity and Status

Alert Severity

Each alert displays a colored box containing a number, both of which reflect the severity of the alert.

Table 1. Alert Icon Colors and Corresponding Severity Levels
Color	Severity Level
Dark Red	1
Red	2
Orange	3
Pale Orange	4
Yellow	5
Blue	6

Alert Status

The following table shows the possible alert statuses and the corresponding status indicators:

Table 2. Possible Alert Status
Status	Indicator	Description
Acknowledged		When an alert is under review, the status changes to Acknowledged. This status is used when observing how the situation progresses.
Assigned		Alert has an owner.
Deferred		Indicates that the alert has been deferred for a time period. This action can only be performed from the Sentinel desktop client.
Dismissed		Indicates that the alert has been marked as dismissed.
Escalated		Indicates that the alert has been escalated.
Investigating		Indicates that the alert is being investigated.
New		Indicates that the alert is new and ready to be claimed.
Pending		Indicates that a decision has been made to take an action on a later date. This status is used for real equipment issues, while waiting on the planned mitigation of the issue.
Retrain Deferred		Indicates that the alert has been deferred for model retraining. This action can only be performed from the Sentinel desktop client.
Retrain Pending		Indicates that the alert is waiting for model retraining. This action can only be performed from the Sentinel desktop client.