Working with Notifications

If a Correlation Rule creates a Correlated Event, and the rule has a Notification Action as an Output, TLC adds an event notification in the TLC Console of each user specified by the Action.

To configure a Notification Action, see Working with Actions.

To add a Notification Action as an Output in a Correlation Rule, see Defining a Correlation Rule.

Tips	Each day, TLC removes the oldest notifications that exceed the number specified by the System Database - Maximum number of Notifications advanced setting in the Manager's properties dialog (see Changing a Manager's Advanced Settings). Since TLC experiences performance degradation when the total number of Event Tickets and notifications exceeds 5,000, Tripwire recommends that you monitor the number of tickets and notifications in your TLC environment. For more information about Event Tickets, see Working with Event Tickets.

Tips

Each day, TLC removes the oldest notifications that exceed the number specified by the System Database - Maximum number of Notifications advanced setting in the Manager's properties dialog (see Changing a Manager's Advanced Settings).

Since TLC experiences performance degradation when the total number of Event Tickets and notifications exceeds 5,000, Tripwire recommends that you monitor the number of tickets and notifications in your TLC environment. For more information about Event Tickets, see Working with Event Tickets.

To view your notifications in the TLC Console:

In the button bar, click

Display notifications.

In the Notifications panel at the bottom of the TLC Console, TLC presents the notifications for your user account (see Table 103).

If the Correlation Rule that generated a notification also saved the Correlated Event in an Event-Management Database, you can view the properties of the event by double-clicking the notification.

To limit the number of Notifications listed, enter a value in the Notification(s) to display field.

To acknowledge all Notifications, click Acknowledge All Pending Notifications Acknowledge all notifications in the database.

To remove a notification, select the notification and click Remove Remove selected notifications.

To remove all notifications from the Notifications panel, click Delete/Remove Remove all notifications.

To refresh the Notifications panel, click Refresh Refresh notifications.

To close the Notifications panel, click

Display notifications.

Table 103. Columns in the Notifications panel
Column	Description
Priority	The Priority of the notification specified in the Action Settings tab of the Correlation Rule (see Table 95).
Notified	The recipients of the notification specified by the Notification Action (see Working with Actions).
Timestamp	The date and time when TLC generated the notification.
Manager	The Manager with the Correlation Engine that generated the notification.
Item ID	If the Correlation Rule also saved the notification's Correlated Event to an Event-Management Database, this field provides the unique ID assigned to the event by TLC.
Message	The content of the notification specified in the Action Settings tab of the Correlation Rule (see Table 95).