Resolve Events

Once an authorized technician assesses an event and takes the necessary actions to address the problem or determines that there is no action required, then the event can be marked as Resolved. When one event that is part of a cluster is resolved, all events in that cluster are marked as resolved. You can select several events and mark them as Resolved in a batch process. You can also mark all events (or all events of a particular category) as Resolved simultaneously.

Resolve Individual Events

To mark specific events as resolved:

  1. In the relevant Events page (Configuration Events, SCADA Events, Network Threats, or Network Events), select the check box next to one or more events that you want to mark as Resolved.

  2. In the header bar, click Actions.

    A drop-down menu appears.

    Note: When you are marking multiple events as Resolved, you must click the Resolve button to resolve all selected events, and not the Resolve All button. The Resolve All button is used to resolve all events, even those that are not selected.

  3. Select Resolve.

    The Resolve Event window appears.

  4. (Optional) In the Comment box, you can add a comment to describe the mitigation steps to resolve the issues.

  5. Click Resolve.

    The status of the selected event/s is marked as Resolved.

Resolve All Events

The Resolve All action applies to all events on the current page based on the filters that are currently applied to the display. For example, if the Configuration Events page is open, then Resolve All resolves Configuration Events, but not SCADA Events and so on. For clustered events, all events in the cluster are marked as resolved.

To mark all events as resolved:

  1. In the relevant Events page (Configuration Events, SCADA Events, Network Threats, or Network Events), click Resolve All in the header bar.

    The Resolve All Events window appears with the number of events to be resolved.

  2. (Optional) In the Comment box, you can add a comment about the group of events being resolved.

  3. Click Resolve.

    OT Security displays a warning message.

  4. Click Resolve.

    OT Security marks all events in the current display as Resolved.