ATA suspicious activity alerts timeout?

Copper Contributor

Hi,

 

Quick question that I can't find the answer to. When ATA pops up an alerts for some activity that it found, once the underlying system that created the activity is remediated, how long before the alert will be updated and the activity will removed? So, if I had a server that did some type of DNS reconissance, and I fix the software that created the alert to begin with, when will the alert close for that specific host?

 

Thanks

1 Reply

Hi Kevin,

The Suspicous Activities (alerts) do not auto-close.  Once you fix the issue, you need to close the suspicous acitvity.