Review Events
Events can be reviewed in detail by clicking on the event listing in the feed:

The Event Details panel is displayed.
Here you can see detailed information about the event, such as the time of occurrence, and details of its exact location in your infrastructure.
To review the environment at the time of the event in detail:
- Click Take Action.
- Click Explore.
The Explore module shows you the impacted environment objects. To visualize the impacted objects in a graphical form, click Dashboard.
The Event Details Panel
The Event Details panel contains detailed information about the event. This information differs depending on whether the event is an Alert Event or a Custom event.
Alert Events
The example given below is of an Alert Event:

Metadata | Description |
---|---|
Event ID | The unique ID of the event. |
Severity | The severity of the event (High, Medium, Low, Info). |
State | The current state of the event (Triggered, Resolved) |
Duration | The length of time the event lasted. |
Acknowledged | Whether the event has been acknowledged or not. |
Trigger | The cause of the event (for example, the metric that exceeded the defined range, and the value it reached). |
Entity | The entity on which the event occurred. |
Start Time | The date and time the event started. |
End Time | The date and time the event ended. |
Alert Name | The name of the alert that was triggered. |
Type | The type of alert. |
Metrics | The metric/s that were affected. |
Trigger Condition | The condition that was met to trigger the alert. |
Scope | The scope of the alert. |
Segment | The segmentation applied to the alert. |
To configure the alert that created the event, click the Edit Alert
link in the Event Details panel. For more information about alerts,
refer to the Alerts
documentation.
Security Events
Policy
The example given below shows an event notifying a potentially unauthorized terminal: shell in a container. For more information on Policy alerts, see Secure Events.

Metadata | Description |
---|---|
Event ID | The unique ID of the event. |
Severity | The severity of the event (High, Medium, Low, Info). |
Date / Time | The date and time the event occurred. |
Host | The hostname and physical address (MAC) |
Container | The container name, unique identifier, and image. |
Summary | A detailed description of what occurred. |
Scanning
The example given below is a high severity event alerting a change in the scan result of an elasticsearch image on Quay. For more information on Scanning, see Scanning Alerts.

Metadata | Description |
---|---|
Event ID | The unique ID of the event. |
Severity | The severity of the event (High, Medium, Low, Info). |
Date / Time | The date and time the event occurred. |
Image Registry | The repository where the image resides (for example, Quay). |
Tag | The image name associated with the image. |
Image ID | The unique identifier of the image. |
Digest | A content-addressable identifier which contains the SHA256 hash of the image’s JSON configuration object. |
Infrastructure and Custom Events
Infrastructure and Custom Events display the same set of information in
the Event Details
panel. The example given below is a Docker event:

Metadata | Description |
---|---|
Event ID | The unique ID of the event. |
Severity | The severity of the event (High, Medium, Low, Info). |
Date / Time | The date and time the event occurred. |
Source | The source of the event (in this case, Docker). |
Scope | The scope of the event. |
Description | A detailed description of what occurred. |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.