You can configure to perform actions, such as email alerts, for select vulnerability or alert occurrences to various users regardless of whether the events correlate to a local vulnerability or not. Other alert actions include UI notifications, ticket creation/assignment, remediation scans, launching a report, email notification, and syslog alerting. Many actions can be assigned per ticket.

On the Alerts page, at the top of the table, click Add to add an alert. Here you can, Edit, Evaluate, View (view details of), and Delete alerts. The Evaluate option allows an alert to be tested whether it has met the configured time criteria or not. Clicking on an alert will take the user to the Edit Alert page for the selected alert.

Alert Options

Option Description


The name of the alert.


A description for the alert.


The setting will determine how often the alert checks for the conditions to be matched. Selections vary in frequency from 15 minutes to monthly. Selecting the option of Never will create the alert to be launched only on demand.


If set to alert on the first occurrence, the alert will only trigger when the condition initially changes from false to true. The other option is to trigger on each detection of the true condition.



Vulnerability, Event, or Ticket.


  • IP Count – Trigger on vulnerabilities or events whose IP address count matches the given parameters.
  • Unique Vulnerability/Event Count – Trigger an alert when the vulnerability/event count matches the given parameters. This option is set to Unique Vulnerability Count for vulnerability alerts and Event Count for event alerts.
  • Port Count – Trigger an alert when the events/vulnerabilities using a certain port number match the given parameters.


The dataset to which the trigger condition will be compared.


Apply advanced filters to the vulnerability or event data. The complete filter set may be created here, or if a Query was selected those parameters may be edited.

For more information, see Filters.


Add Actions

Adding actions will determine what the alert does with triggered events. The options are Assign Ticket, Email, Generate Syslog, Launch Scan, Launch Report, or Notify Users. Multiple actions may be triggered for each alert.

For more information, see Alert Actions.