Investigating current and past alarms

You can search for and investigate current and past alarms, using the Alarm report task.

Video: Click to hide video

Watch this video to learn more. Click the Captions icon (CC) to turn on video captions in one of the available languages. If using Internet Explorer, the video might not display. To fix this, open the Compatibility View Settings and clear Display intranet sites in Compatibility View.

Text: Click to hide text

What you should know

In Security Desk, you can investigate all of the alarms that were triggered during the last week or since your last shift. You can also investigate major events that happened in your system (by only selecting critical alarms), who acknowledged a specific alarm, and why. You can also review the video associated to an alarm, which can then be exported and sent to law enforcement as evidence.

To investigate an alarm:

  1. From the home page, open the Alarm report task.
  2. Set up the query filters for your report. Choose one or more of the following filters:
    • Alarms: Click to hide description
      Select the types of alarms you want to investigate. Alarms can be locally defined (), or imported from federated systems ().
    • Acknowledged by: Click to hide description
      Users who acknowledged the alarm.
    • Acknowledged on: Click to hide description
      Alarm acknowledgement time range.
    • Acknowledgement type: Click to hide description
      Select one of the following acknowledgment type options:
      • Alternate:
        Alarm was acknowledged by a user using the alternate mode.
      • Default:
        Alarm was acknowledged by a user, or auto-acknowledged by the system.
      • Forcibly:
        An administrator forced the alarm to be acknowledged.
    • Alarm priority: Click to hide description
      Alarm priority.
      NOTE: All alarms imported from Omnicast have their priority set to 1 by default. You can change their priority at a later time in the Config Tool.
    • Context: Click to hide description
      Restrict the search to alarms with a specific text in the annotation. The search is case insensitive.
    • Investigated by: Click to hide description
      Which user put the alarm into the under investigation state.
    • Investigated on: Click to hide description
      Specify a time range when the alarm was put into the under investigation state.
    • Source: Click to hide description
      Source entity that triggered the alarm in the case of an event-to-action, or the user who triggered the alarm manually.
    • State: Click to hide description
      Current state of the alarm.
      • Active:
        Alarm is not yet acknowledged. Selecting an active alarm shows the alarm acknowledge buttons in the report pane.
      • Acknowledged:
        Alarm was acknowledged by a user, or auto-acknowledged by the system.
      • Under investigation:
        Alarm that is under investigation.
      • Acknowledgement required:
        Alarm with an acknowledgement condition that was cleared is ready to be acknowledged.
    • Triggered on: Click to hide description
      Alarm trigger time range.
    • Triggering event: Click to hide description
      Events used to trigger the alarm.
    • Custom fields: Click to hide description
      Restrict the search to a predefined custom field for the entity. This filter only appears if custom fields are defined for the entity, and if the custom field was made visible to you when it was created or last configured.
  3. Click Generate report.
    The alarms are listed in the report pane.
  4. To show the corresponding video of an alarm in a tile, double-click or drag the item from the report pane to the canvas.
  5. To control the alarms, use the alarm widget.

Next topics

Browse
How alarms are displayed in the Security Desk canvas
Alarm widget
Overview of the Alarm report task
©2019 Genetec Inc. All rights reserved.Genetec