Continuous ATP Alert

melmore · ‎Apr 23 2020

I have an ATP alert that continues to alert based on something that happened several weeks ago. The activity has been verified as operational maintenance tasks. The alert and investigation have been closed. But the alert continues to "alert" based on the activity that was seen several weeks ago. The timestamps in the alert even shoe the date/time as in the past. I feel like I shouldn't have to tune the alert, for something that happened in the past. Does anyone have any thoughts on how I might approach this?

Eli Ofek · ‎Apr 23 2020

@melmore Are you sure you closed the alert, and it went back to Open state WITHOUT ANY network activity related to it added ??? If so, please open a support ticket about it as it requires deeper research.
Try to export the alert to excel where you can see more detailed data about information accumulated about this alert and verify that indeed there wasn't something new added before it got reopened.

melmore · ‎Apr 23 2020

@Eli OfekHi Eli,

I cannot find anything in the new alert(s), there has been more than one, that indicate any "new" activity. In fact, when you go through the timeline, in only shows suspicious activity in the timeline associated with the original alert. I have also tirelessly reviewed the portal to ensure all alerts and investigations associated with theses events were closed. My original thought, until this afternoon was one remained open and alerting.

I'll try the support ticket route. I appreciate the response.

--

Mike

Continuous ATP Alert

Continuous ATP Alert

Re: Continuous ATP Alert

Re: Continuous ATP Alert

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Continuous ATP Alert