Events and Alerts

 

Contents

Managing Tasks in ETM Dashboard

Centralized management through ETM Dashboard provides the admin the ability to push various configuration items to their appliances, directly from ETM Dashboard: backup configs, software-defined networks and VPN connections, application policies, and more. The Tasks feature enables the admin to view those pushes in one listing.

Viewing Tasks

This view displays information about pushes initiated from ETM Dashboard.

Column Description
Date Updated The date and time the task was initiated.
Task A description of the task.
Status The current state of the task: queued, error, or completed.
Error Message If an error is encountered, the message will be displayed here.
Retry Count The number of times the task has automatically retried to complete.
Expiration Date The time at which ETM Dashboard will stop automatically retrying in the event of failures.
User Email Address The email address of the ETM Dashboard login which initiated the task.

Removing Tasks

To remove a task from the list, select it and click the Remove Task button.

Any task in "queued" or "error" status will be cancelled, preventing any attempts to complete the push. Completed tasks are only removed from the listing.

Viewing Events in ETM Dashboard

You can view logs of events in the Alerts section of ETM Dashboard. The logs include:

  • Audits
  • Alerts
  • Notifications

Audit History

The Audit History reports ETM Dashboard activities such as logins or configuration changes to appliances. This is useful for example if you allow other users to manage appliances in your account and you need to audit their activities.

Alerts Received

The Alerts Received log reports activities from Edge Threat Management appliances connected to your account. For example, when an appliance disconnected or upgraded automatically.

Alerts provide important information that may require immediate attention. Therefore, you can create rules to receive alerts to your email, Slack, or Arista Go app, for example. More details are available in Managing Alert Rules.

Notification Log

The Notification Log reports when each alert message and via which notification profile. This is useful to confirm whether your account is sending alerts and if they are delivered successfully.

Managing Alert Rules

Your ETM Dashboard account includes several default alert rules to notify you about important events related to your appliances, subscriptions, and account. For example, when an appliance in your account goes offline or when an infected computer is discovered on the network, an Alert Rule can trigger a notification.

Managing Alerts

  1. Log in to ETM Dashboard.
  2. Click the Alerts tab at the top of the screen.
  3. Click Alert Rules from the menu on the left pane.

Enabling Default Rules

All default rules are disabled to prevent excessive email notifications from ETM Dashboard. To enable a rule:

  1. Select a rule and click the Edit Alert Rule button.
  2. Set the rule status to Active.
  3. Confirm that your preferred notification profile is set and click Update.

Adding an Alert Rule

You can add alert rules by creating an alert rule from an event or you can add an alert rule manually.

To manually add an alert rule:
  1. Click Add Alert Rule.
  2. Enter a Name for the rule.
  3. Specify the Rule. This is the text string the Alert Rule will look for in order to trigger the Alert. You can view some example text strings under the Events report in Command Center. Alternatively entering "*" (without quotes) will trigger on all events.
  4. Set the Status as Disabled or Active.
  5. Select your preferred notification profile and click Create.

Creating an Alert Rule from an Event

Alert rules are conditions based on events that trigger a notification. You can manually configure alert rules, or you can create a rule from an event in the Audit History or Alerts Received.

Creating a Rule from an Event or Alert

  1. Log in to ETM Dashboard.
  2. Click the Alerts tab at the top of the screen.
  3. Click the Audit History or Alerts Received.
  4. Select an event from which you want to make a rule.
  5. Click Add Alert Rule.
  6. The view switches to the Create Alert Rule screen with the Rule populated by the event.
  7. Enter a Name for the rule.
  8. Confirm the Notification profile and click Create.

Managing Notification Profiles

ETM Dashboard alert rules require a notification profile to send you alerts. The notification profile specifies how you want to receive alerts and how to present the information. You can manage notification profiles in Alerts > Notification Profiles.

Default Notification Profile

Your account in ETM Dashboard has a default notification profile that delivers alerts via email to the email address associated with your account. The default set of alert rules use this profile to send you alerts.


If you wish to change how you receive alerts, you can edit this profile by selecting the profile and clicking Edit Notification Profile.

Notification Types

ETM Dashboard supports the following delivery services:

Table 1.
Email Standard email delivery to the email address you specify.
Slack Delivery via a Slack webhook.
Pagerduty Delivery via a Pagerduty webhook.
VictorOps Delivery via a VictorOps webhook.
Webhook Delivery via a custom webhook.
Arista Go (Mobile) Delivery via Untangle Go mobile app.

Adding a Notification Profile

You can add notification profiles to receive alerts to other addresses or types of delivery services depending on the alert. After you add a notification profile you can configure alert rules to use the new profile.

To add a notification profile:
  1. Click Add Notification Profile.
  2. Specify a name and description.
  3. Select an action to define how you want to receive the alert.
    • For an Email action:
      1. Specify a From address and the To, CC, and BCC addresses separated by commas. Note that only the From and To addresses are required.
      2. Enter a Subject and Body. The table above these values provides variables you can use in the message. Refer to the default notification profile as a formatting guide.
    • For a Slack action:
      1. Enter the endpoint URL of your app.
    • For a Pagerduty action:
      1. Enter the Routing Key you designate for ETM Dashboard notifications.
      2. Select a severity level.
    • For a VictorOps action:
      1. Enter the Endpoint URL you designate for ETM Dashboard notifications.
      2. Select a message type.
    • For a Webhook action:
      1. Enter the Endpoint URL you designate for ETM Dashboard notifications.
      2. Click Add Header and enter a name and value if your custom integration requires custom headers.
      3. Select an HTTP Method.
    • For a Mobile action:
      1. From the list under Mobile Configuration, select the Arista Go app you would like to receive notifications in. If you have connected Arista Go from multiple mobile devices, you will see a list of all available devices.
  4. Click Create.