ATA suspicious activity alerts timeout?

Highlighted
New Contributor

Hi,

 

Quick question that I can't find the answer to. When ATA pops up an alerts for some activity that it found, once the underlying system that created the activity is remediated, how long before the alert will be updated and the activity will removed? So, if I had a server that did some type of DNS reconissance, and I fix the software that created the alert to begin with, when will the alert close for that specific host?

 

Thanks

1 Reply
Highlighted

Hi Kevin,

The Suspicous Activities (alerts) do not auto-close.  Once you fix the issue, you need to close the suspicous acitvity.