No Alert notification from Device Security

Created On 05/06/24 02:40 AM - Last Modified 06/11/25 19:32 PM


Symptom


  • No Alert notification


Environment


  • Device Security
  • Alert notification


Cause


The alert rule is defined with an AND on at least 2 "Change Event" conditions.
The 2 selected "Change Events" are unlikely to occur at the same time, so the rule condition is not matched and no alert notification is sent.

rule condition match

For instance:
  • risk level change event AND new device discovery


Resolution


Edit the rule details so that the rule does not require a combination of events that cannot occur together.

Additional Information


Change Event list:
  • IP change
  • New Device Discovery
  • New Profile Discovery
  • New Vulnerability Discovery
  • Offline Device
  • Purdue Level Change
  • Risk Level Change
  • Subnet Change
Documentation - Create Alert Rules

