Alert Acknowledgement from a Sentinel Dashboard

Apr 30 2009, 10:42 AM, Post #1
Visitor, Group: Members, Posts: 2, Joined: 20-March 09, Member No.: 420
We want to be able to acknowledge alerts from a Sentinel Dashboard screen but do not know how to do this. The standard table graphic can be used to display alerts but this does not provide the functionality to acknowledge these. The Sentinel Monitoring interface allows the acknowledgement of alerts but this interface does not provide graphics to indicate against which requests un-acknowledged alerts may reside. I do not want to recommend to our support staff that they need to use a Sentinel Dashboard to show where alerts are then navigate themselves into Sentinel Monitoring to be able to acknowledge these alerts.
We are a current OP Focal site and acknowledgement of alerts is available directly through the GUI. We would like to reproduce our current OP Focal screens in Sentinel but have found the above problem prevents us from doing this.
Many thanks for your consideration
Roger Clarke
Kuwait Investment Office

Apr 30 2009, 12:15 PM, Post #2
Visitor, Group: Members, Posts: 4, Joined: 31-December 08, From: India, Member No.: 264
We have Sentinel Correlation rules that are used to track the events sent to the Sentinel Server (Tracked objects), and we can then acknowledge these alerts by creating correlation rules to perform this task.
There is a pre-defined set of rules that are configured to track erroneous messages/events sent to the Sentinel Server by applying some criteria on Tracked Object attributes. We can send alerts in the form of e-mails whenever such messages arrive at the Sentinel Server.
--------------------
Rahul Katara
Security and Privacy Consultant
IBM Global Business Services
Mobile: +919860001405

May 11 2009, 10:40 AM, Post #3
Visitor, Group: Members, Posts: 2, Joined: 20-March 09, Member No.: 420
Thank you for your reply, however I don't think Sentinel Correlation Rules can replicate what we currently do with OP Focal. We have alerts generated from XOC when, say, a particular error text is written to an application's log. When the problem has been fixed there is not a corresponding successful text written to the log. No successful message can be generated to acknowledge the alert and so no correlation can be established. Currently one of our Technical Support team acknowledges the alert manually after they have fixed the issue.
Best regards
Roger