Alerting

Kentik's Alerting page is covered in the following topics:

Notes:
- For a high-level introduction to Kentik's alerting system, see Policy Alerts Overview.
- For a complete list of the portal locations involved in the management and configuration of alerts and mitigations, see Alerting Pages.

The Alerting page lists recent alerts generated by alert policies.
 

About the Alerting Page

The Alerting page lists current and historical alerts generated by Kentik's alerting system, including important information such as the time, severity, and status of alerts, as well as the dimensions and metric values involved in the conditions that triggered each alert. This page also provides access to the Policies Page, where you can manage and configure the policies that generate alerts and determine the system's response to alerts (e.g. notifications and mitigations).

 

Alerting Page UI

The Alerting page provides information about current or recent alerts in your organization. The page includes the following UI elements:

  • Manage Policies: A button that opens the Policies Page (in the same tab).
  • Actions: A button that pops up the Page-wide Actions Menu.
  • Alerting breakdowns: A set of cards with bar charts showing the breakdown of alerts in categories including status, severity, type, and policy (see Alerting Breakdowns). The breakdowns cover the time range selected in the Filters tab (see Alerts List Filters). Hover over any bar in a graph to open a popup with additional information about its alerts.
  • Show/Hide Filters (filter icon): A button that toggles the Filters pane between expanded and collapsed.
  • Group By: A drop-down from which you can choose a property, e.g. status, severity, type, policy, or primary dimension. Alerts that share the same value for that property will be grouped in the table.
  • Search: A field that shows lozenges for the filters currently set in the Filters pane and also enables you to enter text. The Alerts list will be filtered to show only rows that contain the entered text. Click the X at the right of the field to clear entered text, and the X in a lozenge to clear the corresponding filter.
  • Filters Pane: A set of controls that enable you to filter the Alerts list (see Alerts List Filters).
  • Action controls: A set of controls that appear at the top left of the Alerts list and are present only when one or more checkboxes are selected in the Alerts list, enabling you to apply an action to all selected alerts:
    - Action buttons: Buttons that apply the actions detailed in Alert-specific Actions.
    - Selection indicator: Indicates how many alerts are currently selected.
  • Alerts List: A table listing your organization’s alerts (see Alerts List).

Page-wide Actions Menu

The page-wide Actions menu for the Alerting page pops up from the Actions button in the top right corner. This menu includes the following options:

  • Export: Prepares a visual report (PDF) or data table (CSV) to export as described in Portal Export Options. A notification appears at the top of your screen when the report is ready to download.
  • Subscribe: Opens the Subscribe dialog, enabling you to create a subscription for your organization’s alerts. The form in the Subscribe dialog is the same as on the Subscription tab of the Share dialog (covered in Subscription Tab UI), with the exception of the Share, Selected View, and Lookback fields, which are not included.
  • Unsubscribe: Opens the Unsubscribe dialog. To unsubscribe from a subscription, open the Subscription drop-down, select the one you’d like to unsubscribe from, and click Unsubscribe.
    Note: This option only appears if you are currently subscribed to one or more alert subscriptions.
 

Alerting Breakdowns

The Alerting breakdowns are cards across the top of the page that each display a bar chart representing a different breakdown of alerts. The breakdowns reflect the currently selected Time Range (see Alerts List Filters). Hover over any of the colored bars in a chart for a popup giving the kind and count of the alerts represented by that bar.

Bar charts show the breakdown of different kinds of alerts in various categories.

A breakdown chart is provided for each of the following categories:

  • Status: The bars in the chart each represent alerts with one of the following statuses:
    - Ack Required: The conditions that resulted in the alarm are no longer present, but an acknowledgement is required from a user in your organization before the alert is “cleared” (blue indicator).
    - Alarm: The conditions that resulted in an alarm are ongoing (orange indicator).
    - Cleared: The conditions that resulted in an alarm are no longer present and an acknowledgement, if required, has been provided (green indicator).
  • Severity: The bars in the chart each represent the alerts that were triggered by alert policy thresholds of a given severity level (see General Threshold Settings): Critical (dark purple), Severe (plum), Major (red), Warning (orange), or Minor (yellow).
  • Type: The bars in the chart each represent the different types of alerts: Custom, DDoS, or Query-Based.
  • Policies: The bars in the chart each represent an individual policy that triggered during the selected time range, arranged in descending order from the left based on the number of times each policy triggered. The popup (on hover) gives the name, type, ID, and alert count for the policy.
 

Alerts List Filters

The alerts displayed in the Alerts List can be filtered using the controls in the Filters pane on the left. The pane includes the following filters:

  • Clear all (appears only when you’ve specified one or more filters): A button that removes all currently set filters.
  • Time Range: A control set that filters the listed alerts to a specified time range (see Time Range Filter).
  • Status: Checkboxes that filter the alerts to those whose current status matches one of the following:
    - Ack Required: Alerts that are no longer in alarm state but must be manually acknowledged (per alert policy) before being cleared.
    - Alarm: All alerts in an alarm state.
    - Cleared: Alerts that have been cleared.
  • Severity: Checkboxes that filter the alerts to those whose severity matches one of the following: Critical, Severe, Major, Warning, or Minor. The severity is determined by the alert policy threshold that triggered the alert.
  • Type: Checkboxes that filter the alerts to those whose type matches one of the following: Custom, DDoS, or Query-based (see Policy Types).
  • Alert ID: A field into which you can enter an alert's ID number to filter the list to that alert.
  • Policy Names: A field that, when clicked, pops up a list from which you can choose a policy by name:
    - The popup includes a filter field into which you can enter a policy name or ID to narrow the policies listed, which can then be selected individually (by clicking) or as a group (with the Select All button).
    - Each selected policy will appear as a lozenge in the Policy Names field and the Alerts list will be filtered to alerts from those policies.
    - To add more policies, click in the field again.
    - To remove a policy, click the X at the right of its lozenge.
  • Show Tenant Alerts: A switch that determines whether or not My Kentik Portal tenant alerts are displayed in the Alerts list.
  • Tenants (present only when Show Tenant Alerts is enabled): A field that, when clicked, pops up a list from which you can choose a tenant by name:
    - The popup includes a filter field into which you can enter a tenant name to narrow the tenants listed, which can then be selected individually (by clicking) or as a group (with the Select All button).
    - Each selected tenant will appear as a lozenge in the Tenants field and the Alerts list will be filtered to alerts from those tenants.
    - To add more tenants, click in the field again.
    - To remove a tenant, click the X at the right of its lozenge.
  • Dimension Value: A field with which you can narrow the list to alerts in which the value of a dimension in the key definition matches the entered text.
  • Exact Dimension Value Match: A switch that determines whether the string entered in the Dimension Value field is matched strictly or loosely.

Time Range Filter

The Time Range control filters the alerts in the Alerts list to those that were active within a specified time range (UTC). Options include the last hour, last 8 hours, last 24 hours (default), last 7 days, last 14 days, last 30 days, last 90 days, or a custom time range (see Custom Time Range Settings). After selecting a time range, click Apply to apply the filter or Cancel to keep the previously selected time range.

Note: The values in the top (start time) and bottom (end time) fields can be changed before the time range is applied.

 

Alerts List

The Alerts list on the Alerting page is covered in the following topics:

Individual alerts are selected with the checkbox at the left of their row.
 

About the Alerts List

The Alerts list is a filtered table (see Alerts List Filters) providing information about alerts triggered by your organization's alert policies. Each row in the table represents an individual alert. Click on a row to open the Alert Details Drawer, which displays additional details about the alert.

 

Alerts List Columns

The columns displayed in the Alerts list are set with the Customize Columns Popup, which opens from the Customize button at the right of the table's heading row. The table can include the following columns (click on a column heading to sort the list, ascending or descending):

  • Select All (in heading row): A checkbox for toggling the selection state of all alerts in the list:
    - If no checkboxes in the list are checked, or only some are checked, clicking this checkbox will select all listed alerts.
    - If all checkboxes in the list are checked, clicking this checkbox will deselect all alerts.
  • Select (in alert rows): A checkbox for selecting an individual alert. When you click the box for one or more alerts, an Acknowledge button appears at the top of the Alerts list. If the alert status of any of the selected alerts is Ack Required, clicking this button acknowledges the Ack Required alerts.
    Note: The Acknowledge button is greyed out unless an Ack Required alert is selected.
  • Status: The current status of the alert (see Alert Status).
  • Severity: The severity level (Critical, Severe, Major, Warning, or Minor) of the alert policy threshold that triggered the alert.
  • Type: The type of alert policy: DDoS, Query-based, or Custom (see Policy Types).
  • Policy: The policy name as defined in the alert policy.
  • Policy ID: The policy ID as defined in the alert policy.
  • Tenant: If your system includes tenants (see Tenants in Tenants and Packages) and you’ve enabled Show Tenant Alerts in the Alerts List Filters, your Alerts list will include your tenant’s alarms.
  • Dimensions: The dimensions (see Dimensions Reference) of the key definition, and their values for the keys that caused the alert to enter alarm state (see About Keys). For example, if the key definition is Dest IP, Device (two dimensions) and the key itself (a unique combination of values for the two key dimensions) is 1.10.1.174:s414_ida9_nektie_com then the Dimensions column would show this:
    Dest IP:1.10.1.174
    Device:s414_ida9_nektie_com
    Note: If a dimension value is rendered in blue you can click it to go to its Details page in Core (see Core Details Pages).
  • Metric: The volume of traffic matching the key (see About Keys). The top-X ranking of traffic is performed by evaluating the volume of this matching traffic as measured in the primary metric (see Data Funneling).
  • Mitigation ID: The Kentik-generated unique ID for the mitigation.
  • Alert ID: The system-generated unique ID assigned to the alert when it was triggered. Click the ID to display the alert and its data on the Alert Details Page (opens in new tab).
  • Duration: The length of time between the alert start time and alert end time.
  • Time: The time (UTC) of the following:
    - The start time of the event that triggered the alarm state.
    - If the event is waiting for an acknowledgement or has been cleared, it shows the end time of the event that triggered the alarm state. Otherwise, the alert is indicated as “Currently Active.”
  • Action: A vertical ellipsis at the right of each alert's row, which pops up a menu from which you can apply an action to that alert (see Alert-specific Actions).

Notes:
- To clear an alarm manually from the Alerts list, see Acknowledge in Alert-specific Actions.
- Alert policies don't generate alerts when in an error state. If you aren’t seeing alerts when you think you should, check the Policy Status on the Alert Policies page (see General Policy Settings).

 

Customize Columns Popup

The Customize Columns popup enables you to choose up to 11 columns to include in the Alerts list. To access the dialog, click the Customize button on the top right of the list.

The popup includes the following UI elements:

  • Choose columns: Each checkbox to the left of a column name determines if that column is displayed (checked) or hidden (unchecked) in the Alerts List.
  • Order columns: Handles to the left of the checkboxes allow you to click and drag the columns into the desired order.

Once you’ve chosen the columns to include, click outside the popup to close it and save your column selections.

 

Alert-specific Actions

Actions can be applied to an individual alert from the following locations:

  • Action popup menu: Choose an action from the menu that pops up from the vertical ellipsis at the right of each alert's row in the Alerts list.
  • Alert Details Drawer: Click a button in the Take Action section of the Alert Details Drawer.
  • Alert Details Page Sidebar: Click a button in the Take Action section of the Alert Details Page Sidebar.

Available actions vary depending on the current status of the alert. The following actions may be available for a given alert:

  • View Details: Open the Alert Details Page for that alert in a new tab.
  • Silence Alert: Hide alerts matching that alert’s key for seven days (see Silent Mode).
  • Acknowledge (Ack Required alerts only): Acknowledge the alert, changing the alert’s status from Ack Required to Cleared.
  • Open Dashboard: Open (in the same tab) the dashboard specified with the Policy Dashboard setting (see General Policy Settings).
  • Manage Policy: Go to the Edit Policy page for the alert policy (see Policy Settings Pages).
  • Debug Alert: Open the Alert Debug Dialog.
 

Alert Status

The table below lists the statuses shown for alerts in the Alerts list.

Status        Description
Ack Required  An alert that is no longer active but that must be manually acknowledged before it can be cleared.
Alarm         An active alert that is currently in alarm state.
Cleared       An alarm that has been cleared.

Note: You can narrow the Alerts list based on status using the Status filters (see Alerts List Filters).
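
The status rules above, together with the Acknowledge button behavior and the Time column's "Currently Active" rule from Alerts List Columns, can be modeled as a small state machine. This is an added example, not Kentik code or a Kentik API: the class, field, and function names (including ack_required_by_policy) and the sample alerts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional, Tuple


class Status(Enum):
    ALARM = "Alarm"
    ACK_REQUIRED = "Ack Required"
    CLEARED = "Cleared"


def _fmt(ts: datetime) -> str:
    # The Alerts list shows times in UTC.
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M UTC")


@dataclass
class Alert:
    alert_id: int                    # constructed sample ID
    start: datetime                  # start of the triggering event (UTC)
    ack_required_by_policy: bool     # hypothetical name for the policy's ack setting
    end: Optional[datetime] = None
    status: Status = Status.ALARM

    def conditions_ended(self, when: datetime) -> None:
        """The triggering conditions are no longer present."""
        if self.status is not Status.ALARM:
            raise ValueError(f"alert {self.alert_id} is not in Alarm state")
        if when < self.start:
            raise ValueError("end time precedes start time")
        self.end = when
        # Without a required acknowledgement the alert clears directly.
        self.status = (Status.ACK_REQUIRED if self.ack_required_by_policy
                       else Status.CLEARED)

    def acknowledge(self) -> bool:
        """Ack Required -> Cleared; any other status is left unchanged."""
        if self.status is not Status.ACK_REQUIRED:
            return False
        self.status = Status.CLEARED
        return True

    def time_column(self) -> Tuple[str, str]:
        """Start time plus end time, or 'Currently Active' while in Alarm."""
        if self.status is Status.ALARM:
            return _fmt(self.start), "Currently Active"
        return _fmt(self.start), _fmt(self.end)


def acknowledge_enabled(selected: List[Alert]) -> bool:
    # The button is greyed out unless an Ack Required alert is selected.
    return any(a.status is Status.ACK_REQUIRED for a in selected)


def bulk_acknowledge(selected: List[Alert]) -> List[int]:
    """Acknowledge only the Ack Required alerts in the selection."""
    if not acknowledge_enabled(selected):
        return []
    return [a.alert_id for a in selected if a.acknowledge()]


def demo() -> dict:
    # Constructed sample alerts: one per resulting status.
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    alerts = [Alert(101, t0, True), Alert(102, t0, False), Alert(103, t0, True)]
    alerts[0].conditions_ended(t0 + timedelta(minutes=10))  # -> Ack Required
    alerts[1].conditions_ended(t0 + timedelta(minutes=5))   # -> Cleared
    enabled = acknowledge_enabled(alerts)
    acknowledged = bulk_acknowledge(alerts)
    return {
        "enabled": enabled,
        "acknowledged": acknowledged,
        "statuses": {a.alert_id: a.status.value for a in alerts},
    }


if __name__ == "__main__":
    print(demo())
```

An alert still in Alarm is never changed by acknowledgement in this model, which is why a selection made up only of Alarm or Cleared alerts leaves the button disabled.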

 

Alert Debug Dialog

The Alert Debug dialog is covered in the following topics:

 

About the Debug Dialog

The Alert Debug dialog provides context that helps you better understand why a threshold (see About Alert Thresholds) in a given alert policy triggered an alarm. The debug feature, which is available for all user levels, alert types, and alert statuses, is accessed via the Debug Alert button (see Alert-specific Actions).

 

Debug Dialog UI

The Alert Debug dialog includes the following UI elements:

  • Title bar: The policy name, policy ID, and alert ID are displayed in the format “Debug Policy name (Policy ID) - (Alert: Alert ID).”
  • Close: An X in the upper right corner that closes the dialog.
  • Lookback: A drop-down menu that adjusts the time range of the chart to 14 hr, 56 hr, 15 days, or 30 days back from the present. The currently selected time range is displayed in the control.
    Note: If the alert was triggered before the start of the selected time range, the start of the range will be adjusted to include the start of the alert.
  • Alert triggers: A set of fields (to the right of Lookback) giving the values of the dimensions that triggered the alert (also found in the Trigger section of the Alert Details Drawer).
  • Graph: A dot chart covering the selected Lookback range, with plots as listed in Debug Graph.
Dots representing alert-related events are plotted against the Lookback time range.
 

Debug Graph

The Debug graph is a dot plot for various types of data about the alert. Hover over an individual dot to open a popup with a timestamp and additional information, and also to dim all dots of a different type (e.g. baseline dots will dim when hovering over a match).

The chart includes the following elements:

  • Time: The horizontal axis shows the time range set with the Lookback control (see Debug Dialog UI).
  • Values: The measurement and units of the vertical axis are determined by the dimensions and metrics chosen in the policy.
  • Triggering event: The point in time at which the alert was triggered, shown as a vertical red line.
  • Matches: Purple dots that each represent a match between the evaluated traffic and the conditions defined in any of the policy’s thresholds (see About Matches).
  • Baseline: Brown dots that represent baseline values if baselining is on for this policy (see Policy Baseline Settings).
  • Baseline Fallback: Green dots that represent fallback baseline values if baselining is on for this policy but no baseline exists (see Threshold Configuration).
  • Static Threshold: A horizontal red dashed line that represents the policy’s static threshold (see Threshold Conditions).
  • Policy Min Traffic: A horizontal purple line that represents the minimum traffic threshold (see Building Your Dataset). Keys whose traffic is below this amount won't be plotted in the chart.
  • Legend: A set of dot and label combinations showing the colors used for the different types of data plotted on the chart. The legend can be used to control how the various data types are displayed in the chart:
    - Solo: Hover over a combination to dim all other data types.
    - Dim: Click a combination to dim plots of that type.
 

Alert Details Drawer

The details drawer for a given alert slides out from the right side of the page when the row for that alert is clicked in the Alerts List. The information shown in the drawer varies depending on whether or not the type of the alert is NMS:

 

Threshold Details Drawer

The details drawer for threshold alerts shows the following information:

  • Policy: The name of the alert policy by which the alert was triggered (see Alert Policies).
  • Chart: A representation of the traffic that triggered the alert, providing context (baseline and thresholds) around why the alert triggered.
  • Severity: The alert’s severity level (Critical, Severe, Major, Warning, or Minor). Severity is determined by the alert policy threshold that triggered the alert.
  • Alert Start Time: The start of the period evaluated for the alert.
  • Event End Time: The end of the period evaluated for the alert, minus the counter reset time set on the policy’s Thresholds tab.
  • Alert End Time: "Currently Active" if the alert is currently active, otherwise the end of the period evaluated for the alert.
  • Status: The state of the alert: Acknowledgement (Ack) Required, Alarm, or Cleared.
  • Alert ID: The Kentik-assigned unique ID for the alert. Click the link to view the Alert Details Page.
  • Trigger: The alert policy threshold conditions that were matched, triggering the alert (see Threshold Conditions).
  • Stats: The contents of the Dimensions and Metric columns in this alert's row of the Alerts list, showing the key dimension (target) whose values matched the threshold conditions, as well as the values themselves.
  • Mitigation Details: Information about the mitigation automatically triggered by this alert, if any is defined by the alert policy.
  • Take Action: A set of buttons for additional steps that you can take related to the alert. See Alert-specific Actions.
 

NMS Details Drawer

For an NMS alert, the details drawer contains the same information as for any other alert type, with the following additions:

  • View in Metrics Explorer: A link at the top of the drawer that takes you to Metrics Explorer (in the same tab), where the settings of the Query sidebar will correspond to the values set in the alert’s policy.
  • Lookback: A drop-down at the top of the drawer that sets the time range of the visualization. The options include Alert +/- 1 hr (default), Alert +/- 24 hr, Last 3 hours, Last day, Last 7 days, Last 30 days, and Last 90 days.
    Note: For the Alert +/- display options, the graph will display from 1 or 24 hours before the alert was triggered until the current time.
  • Visualization: If data is available, most alerts feature a visualization, appropriate to the alert type, at the top of the alert details drawer. For Up/Down alerts, you’ll see an Up/Down Visualization.
 

Alert Details Page

The details pages for individual threshold alerts are covered in the following topics:

Note: The Details page for NMS alerts is different; see NMS Alert Details Page.

The Details page for a non-DDoS alert.

 

Alert Details Page Access

The Details page for an individual threshold alert can be reached in the following ways:

  • From the Alerts List, either:
    - Click the alert’s ID in the Alert ID column, or
    - Choose View Details from the popup Action menu (vertical ellipsis) at the right of the alert’s row.
  • From an Alert Details Drawer, either:
    - Click the View Details button at the bottom of the drawer, or
    - Click the Alert ID.
  • From the DDoS Defense page (DDoS alerts only): choose View Details from the Action menu popup at the right of the alert’s row in the Attacks Within the Last 24 Hours table.

Note: Depending on your browser settings, details pages may open in a new tab or window.

 

Alert Details Main Display

The main display area of the details page for an alert from a threshold policy is divided into a set of panes, detailed below, that are intended to provide actionable details about the individual alert.

Title Pane

The top-most pane of the page contains the following information:

  • Alert name: The name of this alert, as defined in its policy.
  • Description: A brief summary (if provided in the alert policy) of the specific situation about which this alert is intended to notify users.

Threshold Statistics Pane

This pane shows some or all of the following elements (depending on factors including alert type and the dimensions in the key definition):

  • Dimensions: The names and values of the key dimension(s) — for example, a device and a destination IP address — whose value triggered the alert.
  • Statistics: Statistics that illustrate the situation that generated the alert. Depending on the configuration of the alert policy, these may include information such as baseline flows/s (if the policy uses baselining), actual flows/s, and actual Kpackets/s.
    Note: Each statistic included as described above will be accompanied by a comparison of the actual value to the triggering value defined in the alert policy. For example, if a condition in the policy threshold is "flows/s value is greater than 200% of baseline" then the flows/s statistic will state not only the actual flows/s but also the percent by which the flows/s exceed the baseline flows/s.

Threshold Data Pane

The Data pane shows charts and tables related to the condition that caused the alert. The structure of the Data pane depends on the type of alert:

  • Custom and query-based alerts: The pane includes a time series chart illustrating the traffic (shown in metrics selected in the policy) that caused the alert.
  • DDoS alerts: The pane includes six tabs, each displaying charts and tables showing a different aspect of the traffic covered by the alert (see DDoS Data Tabs).

For all types of alerts, the View in Data Explorer link below each chart takes you to Data Explorer (in the same tab), where the Query sidebar will be set to correspond to the values of the alert’s key. The pane also includes, at the bottom of the page, a Why Was This Triggered? section (on the Insights tab for DDoS alerts), which details the conditions defined in the policy threshold and the actual values for each of those conditions.

DDoS Data Tabs

The Data pane on the Details page of an alert whose type is DDoS will be structured as a set of tabs that each show a different visualization.

The following tabs are included in the Data pane for a DDoS alert:

  • Alert: A time series chart showing the volume of the traffic that triggered the alert based on the volume metrics defined in the policy. Below the chart are two sections that detail why the alert was triggered (which specific conditions were met) and any status changes to the alert.
  • Ingress Interfaces: A time series chart showing traffic volume (in bits/s) on the interfaces where Kentik detected the attack, and a table giving additional detail including the device and site in which the interfaces are located.
  • Traffic Patterns: A time series chart and table that help to characterize the nature of the conversations that are driving the traffic volumes causing the alert, including how many sources it has, what services are involved, and whether it's a conversation or unidirectional.
  • Source Countries: A time series chart showing the unique source IPs of attack traffic, and a table ranking the countries from which traffic from those IPs originated.
  • Source Services: A time series chart showing the services that originated the traffic that caused the alert, and a table ranking those services.
  • Packet Size Distribution: A bar chart showing the packets of various sizes in the traffic that triggered the alert, and a table ranking the sizes by volume of traffic.

Note: The time range for the above charts begins 30 minutes before the alert's start time and ends with the current time (if the alert is still in Alarm state) or its end time.

 

Alert Details Page Sidebar

The right-side sidebar provides additional details about the alert.

  • Severity: The alert’s severity level (Critical, Severe, Major, Warning, or Minor). Severity is determined by the alert policy threshold that triggered the alert.
  • Alert Start Time: The start of the period evaluated for the alert.
  • Event End Time: The end of the period evaluated for the alert, minus the counter reset time set on the policy’s Thresholds tab.
  • Alert End Time: The end of the period evaluated for the alert.
  • Status: The state of the alert: Acknowledgement (Ack) Required, Alarm, or Cleared.
  • Alert ID: The Kentik-assigned unique ID for the alert.
  • Mitigation Details: Information about the mitigation automatically triggered by this alert, if any is defined by the alert policy.
  • Policy: The name of the policy by which the alert was triggered (see Alert Policies). The name is a link that takes you to the Edit Policy page for that alert policy (see Policy Settings Pages).
  • Frequency: A summary of the frequency with which this alert has recently occurred. The Show all Occurrences link takes you back to the Alerting page, displaying only that policy’s alerts.
  • Dimensions: A set of vertical bar charts, one for each dimension in the key definition, showing how often the same key value was involved in other alerts over the last seven days.
  • Take Action: Buttons that enable additional steps you can take related to the alert:
    - View in Data Explorer: Opens Data Explorer (in a new tab), where the Query sidebar will be set to correspond to the values of the alert’s key. For example, if the dimension in the key definition is Dest IP/CIDR and the value of the key in the alert is 208.76.14.223 then a filter in the Filtering pane will be set to Destination IP/CIDR equals 208.76.14.223.
    - Open Dashboard: Opens (in new tab) the dashboard specified with the Policy Dashboard setting of the alert's policy (see General Policy Settings).
    - Acknowledge (present only when the alert status is Ack Required): Acknowledge the alert, changing the status from Ack Required to Cleared.
    - Debug Alert: Opens the Alert Debug Dialog for this alert.

Notes:
- The details in the sidebar vary between DDoS alerts and non-DDoS alerts.
- For the Details sidebar for NMS alerts, see NMS Alert Details Sidebar.

 

NMS Alert Details Page

The details page for an NMS alert is accessed as described in Alert Details Page Access. While an NMS details page has roughly the same layout as a typical Alert Details Page, there are a few differences, which are covered in the following topics:

 

NMS Alert Details Display

The main display area of the details page for an NMS-based alert is divided into a set of panes, as described in Alert Details Main Display. The topics below cover the content of those panes for an NMS alert.

NMS Statistics Pane

The fields across the top of the page will provide NMS-specific statistics, including the measurement, metric, and dimensions specified on the Dataset tab of the policy that generated the alert.

NMS Data Pane

The Data pane shows charts and tables related to the condition that caused the NMS-based alert. The structure of the Data pane depends on the type of alert:

  • NMS Up/Down: The pane includes an up/down chart that details the status of the alert over time (see Up/Down Visualization).
  • NMS Threshold: The pane includes a line chart detailing the alert’s activity over the time determined by the Lookback drop-down (top right of the chart).

The View in Metrics Explorer link above the chart takes you to Metrics Explorer (in the same tab), where the settings of the Query sidebar will correspond to the values set in the alert’s policy. The pane also includes, at the bottom of the page, a History table, which details alerts that have recently triggered or are currently active.

Up/Down Visualization

This time-based chart type is composed of a series of bars on a horizontal time axis that each represent one segment of the current time range. The color of each bar shows the status of the policy’s data sources (devices, interfaces, or BGP neighbors) at a particular point in time: green = up, red = down, and gray = unknown. Hover over any bar in the chart to open a popup giving the timestamp and the status during that segment.

If an event occurred during a given segment then its bar will be slightly elevated and one of the following icons will appear above the bar:

  • Bell (in a red marker): An alert was triggered.
  • Checkmark (in a green marker): The alert was cleared (according to the policy’s settings).

The visualization also has a Lookback drop-down that determines the timeframe covered by the visualization. Options include Alert +/- 1 hr (default), Alert +/- 24 hr, Last 3 hours, Last day, Last 7 days, Last 30 days, and Last 90 days.

Note: For the Alert +/- display options, the graph will display from 1 or 24 hours before the alert was triggered until the current time.

 

NMS Alert Details Sidebar

The right-side sidebar on an NMS alert details page provides additional details about the alert, but its structure differs from non-NMS alerts. The sidebar includes the following fields and controls:

  • Actions: Available actions for the alert:
    - Acknowledge (present only when the alert status is Ack Required): Acknowledge the alert, changing the status from Ack Required to Cleared.
  • Alert: Information about this individual alert:
    - ID: The Kentik-assigned unique ID for the alert.
    - Severity: The alert’s severity level (Critical, Severe, Major, Warning, or Minor). Severity is determined by the alert policy threshold that triggered the alert.
    - Start: The start of the period evaluated for the alert.
    - End: The end of the period evaluated for the alert. If the alert is ongoing, this shows as Currently Active.
  • Device: The device that is being alerted on (if applicable). This section may contain various details about the device including site, model, location, IP address, manufacturer, and serial number.
    - View Details: A link that takes you to the NMS Device Details Page for that device.
  • Policy:
    - Edit Policy: A link that takes you to the settings page where you can edit the alert policy.
    - Name: The name of the policy by which the alert was triggered.
    - Last Edited: The date the policy was last modified.
    - Alerts for Dimensions: The number of alerts that have been generated for the specific dimensions specified on the Dataset tab of this policy.
    - Alerts for Policy: The number of alerts that have been generated for this policy.