3.2 Current Tab

The Current sub-tab displays all current issues as well as the complete list of all analyzed devices and their associated issues. Users can filter by Devices, Severities, Labels and Alerts Status. You can also Export alert data in CSV format.

Use the blue arrows (highlighted in green) to edit or filter issues by individual device, group of devices, type of issue, severity, or resolved/unresolved status. You can also sort by Created and Updated timestamps.

Please Note: When an issue has been successfully resolved (greyed out), it remains on display until the user acknowledges and archives it, or filters by unresolved issues.

The checkboxes in the left column allow users to manage multiple issues. The topmost checkbox (in the header row) will allow you to check or uncheck all boxes at once.

The ID column will display the severity type based on the color flag and initial of each issue.

Colors range from red to blue to distinguish critical warnings from less severe issues. This allows users to find and resolve issues most likely to cause imminent downtime and to visually assess the type of issue and remedial action required. Indeni assigns a unique ID number to each issue as it occurs.

By default, issues display in descending order of severity and by date modified.

The Headline displays the actual issue information and a brief description of the condition Indeni has observed. The Device IP column displays the device management IP address assigned to each device for which an issue has been flagged. The Device column displays the device name assigned to each device for which an issue has been flagged, followed by when the issue was Created and last Updated.

Detailed Issue Review

To review a reported issue in more detail, click on an issue of interest to update the Alert Summary page on the right-hand side. You do not need to use the checkbox to expand the issue.

 

The Description section gives you a general overview and explanation of the problem. Just below that you will see Issue Items relating to the reported problem, such as the actual VPN tunnels that are down. If you want to remove a specific item and keep the others, hover over the item and click the x mark. This will effectively Archive that specific item.

You can also provide Custom Instructions, which give users the option to add their own notes. These are a great way to supplement the Remediation Steps (Indeni’s recommendation) with actionable direction to address the issue.

You can select More Issue Info for more details, Archive the issue, or click the up arrow to reveal Disable options. You can also send the details to Support if you have questions about the issue.

Issue with Multiple Items

Click on More Alert Info to get a better view of reoccurring and consistent issues. For example, the VPN Tunnel(s) down issue has multiple VPN tunnels affected, as indicated below:

  • VPNisDown2 (2.2.2.2) – This tunnel is down
  • VPNisUp2 (192.168.194.49) – This tunnel is down
  • VPNisUp3 (192.168.194.38) – This tunnel is down

The graph to the right shows when the issue was generated, helping the end user get a better understanding of when the system is reporting it. In this particular example you see an up/down (on/off) state triggering at the intervals at which the script is set to run.

#! META
name: vpn-check-tunnels-novsx
description: lalal
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint

 

As you can see, the dots are coming in at 5 minute intervals (09:03 AM to 09:08 AM) at the bottom (Inactive). You are not going to see a consistent line graph here because we also want to make sure the interrogation is happening at the intervals it should. Gaps in normal intervals could be indicators of other issues.
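The gap check described above can also be done programmatically. The following is an added example, not Indeni's code: it reads monitoring_interval from the META header shown above and flags spacing between samples that is wider than that interval. The sample timestamps, the 30-second tolerance, the function names and the support for units other than minutes are assumptions.

```python
import re
from datetime import datetime, timedelta

# META header as shown on this page (the script driving the graph).
META = """#! META
name: vpn-check-tunnels-novsx
description: lalal
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
"""

# Assumption: the page only shows "minutes"; other units are accepted here.
UNITS = {"second": 1, "minute": 60, "hour": 3600}

def monitoring_interval(meta: str) -> timedelta:
    """Extract monitoring_interval from a '#! META' header."""
    m = re.search(r"^monitoring_interval:\s*(\d+)\s*(second|minute|hour)s?\s*$",
                  meta, re.MULTILINE)
    if not m:
        raise ValueError("no monitoring_interval in META header")
    return timedelta(seconds=int(m.group(1)) * UNITS[m.group(2)])

def find_gaps(samples, interval, tolerance=timedelta(seconds=30)):
    """Return (previous, next, missed_runs) for each pair of consecutive
    samples spaced further apart than interval + tolerance.
    missed_runs is 0 when a run was only late rather than skipped."""
    ordered = sorted(samples)
    gaps = []
    for prev, nxt in zip(ordered, ordered[1:]):
        delta = nxt - prev
        if delta > interval + tolerance:
            gaps.append((prev, nxt, round(delta / interval) - 1))
    return gaps

# Constructed sample times (not real Indeni output): 09:03 and 09:08 as in
# the text, then two skipped runs before the next sample at 09:23.
SAMPLES = [datetime(2024, 1, 1, h, m)
           for h, m in [(9, 3), (9, 8), (9, 23), (9, 28)]]

if __name__ == "__main__":
    for prev, nxt, missed in find_gaps(SAMPLES, monitoring_interval(META)):
        print(f"gap {prev:%H:%M} -> {nxt:%H:%M}: {missed} missed run(s)")
```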

Acknowledge an Issue Item

The user can acknowledge (aka ignore) an item within an issue. Acknowledging an issue is meant to record physical intervention by a user. Typically, the acknowledge function gives the user an audit trail of physical intervention. Its purpose is to prevent multiple people from working on the same issue. When you acknowledge an issue item, it effectively archives it.

For example, you may want to acknowledge one of the items in the VPN Tunnel(s) down issue because it is not a permanent tunnel and is therefore often down.

To acknowledge the 1.1.1.3 tunnel, click on the x button. Ignoring this item effectively means that the item is excluded (or archived) from the issue.

At this point, the VPN Tunnel(s) down issue is still in an active state, but now with two items. When the 1.1.1.10 and 1.1.1.11 tunnels go back up, this particular issue will be marked resolved. Note: although the 1.1.1.3 tunnel remains inactive, Indeni will mark the entire issue as resolved because that item was ignored.