Alerts

Netskope’s Digital Experience Management (DEM) Alerts page provides you with notifications on key events that can be sent to any destination of your choosing. Depending on your subscription, these alerts provide coverage for Network, Platform, and Private Application events.

Alerts Overview

The Alerts page provides you with the following information:

  • Network, Platform, and Private Application Events: Gain a comprehensive overview with alerts covering network, platform, and private application events. The alerts keep you updated on network tunnel events, Netskope Service Status, and private application publisher issues.
  • Detailed Alert Information: Each alert comes with a comprehensive set of details for quick and accurate incident analysis. You can access critical information such as current status, severity level, time of opening, last evaluation timestamp, closure time, recipient details, alert category, type, configuration specifics, and a unique alert ID for reference.
  • Enhanced Contextual Enrichment: The Alert Details pages allow you to understand the bigger picture by providing you with enriched data points. You can identify which specific geographic locations, sites, and publishers were impacted by the reported issues. This enrichment provides invaluable insights into the scope and potential reach of each event.

About the Alerts Dashboard

The Alerts dashboard provides a snapshot of the open and closed alerts that have been generated in the last 30 days. These alerts can be filtered and sorted to view specific alerts. For additional details about an alert, click the alert to view the Alert Details page. To learn more about the Alert Details pages, see the Alert Details Pages section.

The Alerts dashboard contains the following components:

  1. Alert Configuration: Clicking this will take you to the Alert Configuration page where you can create and manage alert configurations.
  2. Filters: The filters section of the Alerts page allows you to filter the alerts with the following filter options:
    • Add Filter: You can use this dropdown filter menu to filter alerts by alert configuration, alert category, alert type, and severity.
    • Alert ID: You can filter alerts by searching for a specific alert ID.
    • Clear: You can use the clear option to clear the selected filter options.
  3. Sort by: You can sort the alerts by selecting from this dropdown menu.
  4. Alerts Found: The alerts found number includes the alerts that have been found based on the criteria you have selected. Alerts may be excluded from this number depending on the filters you have selected.
  5. Show Closed Alerts: All open and closed alerts are shown by default. You can use this toggle to show or hide closed alerts.
  6. Alert Preview: A preview for each alert is displayed on the Alerts page. Click the alert preview to view additional details for each alert.

About Alert Previews 

The Alerts page provides you with a preview of each alert. You can click an alert preview to go to the Alert Details page, where you can view detailed information about that specific alert.

Components of an Alert Preview

The following information provides you with details about the components of an alert preview:

  1. Severity Level: The severity level of an alert. The severity level of an alert is determined by the administrator during the alert configuration process.
  2. Alert Configuration Name: The name that is given to an alert by the administrator during the alert configuration process.
  3. Alert Name: The alert name is determined by the alert configuration conditions.
  4. Alert Time Opened (and Closed): The time that an alert is opened. A closed time will also be displayed if an alert has been closed.
  5. Impacted Sites/Publishers/POPS: This category is dependent on the type of alert. The impacted sites, publishers, or POPs are displayed in this section of the alert preview.

How to Filter Alerts 

Use the Filter Menu to filter the alerts. You can select from the following filters:

  • Alert Configuration
  • Alert Category
    • Network
    • Platform
    • Private Apps
  • Alert Type
    • Tunnel Status
    • Tunnel Flapping
    • Service Status
    • Publisher Resource Consumption
  • Severity
    • Critical
    • High
    • Medium
    • Low
    • Info

Alert Details Pages 

You can view the Alert Details page for a specific alert by clicking an alert preview on the Alerts page. The Alert Details pages provide you with detailed information on the selected alert. 

Alert Details Page Dashboard

  1. Status: The status of the alert. The status is Open for unresolved alerts and Resolved for closed alerts.
     The alert will remain open if there is at least one alert component which is impacted (for example: site, services, or publishers). An alert will be closed if there was no change in status within seven days.
  2. Severity: The level of severity that an alert poses.
  3. Opened Time: The time that the alert was created for this event.
  4. Last Evaluated Time: The last time the alert was evaluated.
  5. Closed Time: The time that the alert was closed.
  6. Sent to: The email address, webhook URL, or Slack destination to which the alert notification was sent.
  7. Alert Category & Type: The category and type of alert.
  8. Alert Configuration: The alert configuration that triggered the alert. You can open the Alert Configuration Details window by clicking the alert configuration name.
  9. Alert ID: The identification number of the alert.
     You can copy the Alert ID by clicking the copy icon.

Current Status

The current status section on an Alert Details page provides you with information about the current status of that specific alert. The following is a list of potential status options for an alert:

  • Triggered: When the current status is triggered, it means that an alert condition rule has been met and the alert is currently active.
  • Resolved: A resolved current status means that an alert was triggered, but it has been resolved.
  • Unknown: An unknown current status is displayed when Netskope has not observed metrics for the alert entities at the moment.

Types of Alert Details Pages

  • Tunnel Status Alerts: These alerts monitor the availability of the tunnels. The status of IPSec tunnels is determined by the connection status. For GRE, a combination of traffic and tunnel probes is used to determine whether the GRE tunnel is up or down.
  • Tunnel Flapping Alerts: These alerts monitor the stability of the tunnels. This alert type is useful for identifying tunnels with unstable connections. Identifying which tunnels have unstable connections will allow network administrators to take corrective action and ensure network reliability.
  • Service Status Alerts: These alerts monitor the status of Netskope services. These alerts are designed to inform you about the operational state of services in a Point of Presence (POP) that you utilize. This data provides you with awareness about any issues that might affect user experiences. These alerts indicate when Netskope is addressing a service disruption by redirecting traffic or taking other mitigating actions. In most cases, this is an informational alert with no action needed at your end. However, if you think that the alert might correlate to any issues in your network, please open a case with the network support team.
  • Publisher Resource Consumption Alerts: These alerts allow you to monitor the resource utilization (CPU, Memory, and Storage) of your publishers and get alerted when they meet a certain threshold.

Tunnel Status Details Pages

The tunnel status alert details pages provide detailed information on which sites are impacted, including the following:

  • Map: A map of impacted sites is displayed. You can click the circles on the map to view additional information.
  • Current Status: The current status of the alert condition.
  • Site: The name of the IPSec or GRE site.
  • POP: The Point of Presence (POP) where the IPSec or GRE tunnel event occurred.
  • Source IP: The public source IP address of the IPSec or GRE tunnel.
  • Site Status: The current status of the site.

Tunnel Flapping Details Pages

The tunnel flapping alert details pages provide detailed information on which sites are impacted, including the following:

  • Map: A map of impacted sites is displayed. You can click the circles on the map to view additional information.
  • Current Status: The current status of the alert condition.
  • Site: The name of the IPSec or GRE site.
  • POP: The Point of Presence (POP) where the event occurred.
  • Source IP: The public source IP address of the IPSec or GRE tunnel.
  • Site Status: The current status of the site.

Service Status Alert Details Pages

The service status alert details page provides detailed information on which POPs are impacted, including the following:

  • Map: A map of impacted POPs is displayed. You can click the circles on the map to view additional information.
  • Current Status: The current status of the alert condition.
  • POP: The Point of Presence (POP).
  • Service: The specific service at the POP that triggered the alert condition.
  • Service Status: The current status of the service.

Publisher Resource Consumption Alert Details Pages

The publisher resource consumption alert details pages provide detailed information on which publishers are impacted, including the following:

  • Current Status: The current status of the alert condition.
  • Publisher: The NPA Publisher with the triggered alert condition.
  • Resource: The specific NPA Publisher resource with the triggered alert condition.
  • Resource Consumption: The time series view of which data points triggered the alert condition.