Review Events

Events can be reviewed in detail by clicking on the event listing in the feed:


To review the environment at the time of the event in detail, click Explore to navigate to the Explore module. The Explore module automatically drills down to the impacted environment objects. To view a visualization of the impacted objects, click Dashboard.

The Event Details Panel

The Event Details panel contains detailed information about the event. The information shown depends on whether the event is an Alert event or a Custom event.

Alert Events

The example below is of an Alert event:


| Metadata | Description |
| --- | --- |
| Event ID | The unique ID of the event. |
| Severity | The severity of the event (High, Medium, Low, Info). |
| State | The current state of the event (Triggered, Resolved). |
| Duration | The length of time the event lasted. |
| Acknowledged | Whether the event has been acknowledged or not. |
| Trigger | The cause of the event (for example, the metric that exceeded the defined range, and the value it reached). |
| Entity | The entity on which the event occurred. |
| Start Time | The date and time the event started. |
| End Time | The date and time the event ended. |
| Alert Name | The name of the alert that was triggered. |
| Type | The type of alert. |
| Metrics | The metric/s that were affected. |
| Trigger Condition | The condition that was met to trigger the alert. |
| Scope | The scope of the alert. |
| Segment | The segmentation applied to the alert. |

To configure the alert that created the event, click the Edit Alert link in the Event Details panel. For more information about alerts, refer to the Alerts documentation.

Security Events

Policy

The example shows an event reporting a potentially unauthorized terminal shell in a container. For more information on Policy alerts, see Secure Events.

| Metadata | Description |
| --- | --- |
| Event ID | The unique ID of the event. |
| Severity | The severity of the event (High, Medium, Low, Info). |
| Date / Time | The date and time the event occurred. |
| Host | The hostname and physical address (MAC). |
| Container | The container name, unique identifier, and image. |
| Summary | A detailed description of what occurred. |

Scanning

The example is a high-severity event reporting a change in the scan result of an elasticsearch image on Quay. For more information on Scanning, see Scanning Alerts.

| Metadata | Description |
| --- | --- |
| Event ID | The unique ID of the event. |
| Severity | The severity of the event (High, Medium, Low, Info). |
| Date / Time | The date and time the event occurred. |
| Image Registry | The repository where the image resides (for example, Quay). |
| Tag | The image name associated with the image. |
| Image ID | The unique identifier of the image. |
| Digest | A content-addressable identifier which contains the SHA256 hash of the image’s JSON configuration object. |

Infrastructure and Custom Events

Infrastructure and custom events display the same set of information in the Event Details panel. The example below is a Docker event:

| Metadata | Description |
| --- | --- |
| Event ID | The unique ID of the event. |
| Severity | The severity of the event (High, Medium, Low, Info). |
| Date / Time | The date and time the event occurred. |
| Source | The source of the event (for example, Docker). |
| Scope | The scope of the event. |
| Description | A detailed description of what occurred. |