Skip to content

Managing Correlation Alerts

To manage correlation alerts, navigate to Settings > Alerts > Realtime to open the Realtime page. This page displays all default correlation rules available in CYBERQUEST:

Alt Image

You can perform several managerial actions on alerts using the interface icons, as described below:

  • Create a new alert: Click Alt Imageto open the Alert Settings window and define custom alerts as needed. For detailed instructions, refer to the Create New Alert.

  • Import an alert: Press Alt Image to import an alert definition from an existing CQO file.

  • Quick Filter: Use this feature to search for specific alerts by name, type, or status.

  • Alert details Alt Image: View detailed information about an alert's configuration and triggering conditions.

  • Enable/disable alert: The icon Alt Image indicates an enabled alert, while Alt Image indicates a disabled alert. Click these icons to toggle the alert's active status.

  • Edit alert Alt Image: Modify the definition of an existing alert.

  • Clone alert Alt Image: Duplicate an existing alert definition to create a new one with similar parameters.

  • Delete alert Alt Image: Permanently remove a custom alert.

  • Export alert Alt Image: Export an alert definition to a CQO file for backup or migration purposes.

  • Rows per page dropdown: Use the dropdown menu at the bottom right of the table to select the number of alerts displayed per page.

To view all triggered alerts, navigate to the Alerts Module. For comprehensive details about alert results, see the Alerts Results Section.