Correlation Hits

Page Layout

This page displays a table containing alerts triggered by the signals and rules defined on the Correlation page.

The table has six columns: signal, key, type, from, created on, and attributes. The signal column indicates which bucket signal was sent. The key column shows the specific value of the key defined by the bucket signal. For example, if the key used when defining the signal was sip (source IP), the displayed value is the source IP associated with the event. The type column indicates the type of rule that triggered the hit.

The from column displays the name of the correlation rule that triggered the hit. The created on column shows the date and time of the event that triggered the hit. Lastly, the attributes column displays the values of the fields defined during creation of the bucket signal.

As on other pages with facets, searches can be narrowed to specific field values using the checkboxes on the left side of the page.