The difference between alerts and events in AppDefense


When we move Scopes within AppDefense from "Discovery" mode to "Protected" mode, we are locking down the manifest of learned behaviors and telling AppDefense to alert us on any new behaviors or deviations from the known good behaviors. When a new or deviating behavior shows up within a protected scope, AppDefense triggers an event. Using AppDefense's App Verification Cloud, we can look at that event and classify it with different severities based on a number of factors.

The criticality of an event can be one of four severity levels: Critical, Serious, Minor or Info. Each severity is represented by a different colored symbol, shown below.

Screen Shot 2020-01-15 at 11.12.33 AM.png

The difference between "Events" and "Alerts" within AppDefense is quite simple. All events that are classified as Critical are what we call "Alerts", and anything classified lower than Critical (Serious, Minor or Info) we continue to call an "Event".

Currently, you can get to your Alerts (Critical Events) by clicking the "Alerts" button in the top left-hand corner of the AppDefense home page.

Screen Shot 2020-01-15 at 11.22.44 AM.png

To get to events, click the gear icon next to your email address in the bottom left-hand corner and select "Events" at the top of the menu.

Screen Shot 2020-01-15 at 11.19.39 AM.png

We hope that this has helped you understand a little better how to use AppDefense and its categorization of events.

Happy AppDefending!

Last update: 01-15-2020 08:26 AM