SIEM Alert
This section manages alerts that arrive in the individual SIEM.
It has three sections: Open, In progress, and Resolved, which organize and track the status of each alert.
This module is synchronized with the General SIEM, so any change made here, such as resolving an alert, is also reflected automatically in the general panel.

The Alert Management panel is where each detected alert is analyzed and managed.
Inside this panel you can perform these actions:

- Change the alert title: rename it for more precise identification. If unchanged, the default title is kept.
- Change alert status: select Open, In progress, or Resolved according to incident-handling progress.
- Assign owner: change the assigned person and keep a record of who handled or resolved the alert.
- General information: view technical details such as the affected domain, attacker IP, and full payload.
Example alert payload

```json
{
  "schema_version": "1.0",
  "event_version": "1.0",
  "event_uuid": "dce1076e-b472-4ce8-b960-6c389169a364",
  "site_id": "1064b1e1-7916-4d13-9cbd-ab86f6fb55ea",
  "domain": "http://localhost/wordpress/",
  "event_type": "suspicious_query",
  "severity": "critical",
  "occurred_at": "2025-10-13T14:17:35.009+00:00",
  "detected_at": "2025-10-13T14:17:35.009+00:00",
  "summary": "Suspicious Query Detected: Code Execution",
  "description": "Code Execution attack attempt detected from IP 127.0.0.1 with 2 suspicious pattern(s)",
  "details": {
    "ip_address": "72.129.237.221",
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0",
    "attack_type": "Code Execution",
    "request_uri": "/wordpress/wp-login.php?loggedout=system(%22whoami%22)",
    "request_method": "GET"
  },
  "status": "open",
  "count": 1
}
```

Mitigation

In Mitigation, you will find a quick-action button that lets you block the IP responsible for the alert directly, enabling immediate response to attack attempts or malicious activity.

The panel also includes a Resolution note field, where the person managing the alert can leave comments or document the resolution process.
This field records actions taken, technical observations, and decisions, keeping a clear and traceable history of how the incident was resolved.
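The following is an added example, not the product's code, showing how the payload above can be handled programmatically with the same workflow the panel offers: read the attacker IP from the structured `details.ip_address` field (in the sample the free-text description names 127.0.0.1 while `details.ip_address` is 72.129.237.221, so automation should key off the structured value), percent-decode the request URI so the injected `system("whoami")` is readable, refuse to quick-block a non-global source address, and move the alert through Open, In progress and Resolved while requiring a resolution note and keeping an owner history. The machine-readable status names other than `open`, the reopen transition, and the nginx `deny` line used to represent the block are assumptions; the payload itself is the page's sample.

```python
import copy
import ipaddress
from typing import Optional
from urllib.parse import unquote

# Constructed from the sample payload on this page (same fields and values).
SAMPLE_ALERT = {
    "schema_version": "1.0", "event_version": "1.0",
    "event_uuid": "dce1076e-b472-4ce8-b960-6c389169a364",
    "site_id": "1064b1e1-7916-4d13-9cbd-ab86f6fb55ea",
    "domain": "http://localhost/wordpress/",
    "event_type": "suspicious_query", "severity": "critical",
    "occurred_at": "2025-10-13T14:17:35.009+00:00",
    "detected_at": "2025-10-13T14:17:35.009+00:00",
    "summary": "Suspicious Query Detected: Code Execution",
    "description": "Code Execution attack attempt detected from IP 127.0.0.1 "
                   "with 2 suspicious pattern(s)",
    "details": {
        "ip_address": "72.129.237.221",
        "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0",
        "attack_type": "Code Execution",
        "request_uri": "/wordpress/wp-login.php?loggedout=system(%22whoami%22)",
        "request_method": "GET",
    },
    "status": "open", "count": 1,
}

# Assumed machine names for the UI states Open / In progress / Resolved,
# and an assumed reopen path so a resolved alert is not a dead end.
TRANSITIONS = {
    "open": {"in_progress"},
    "in_progress": {"open", "resolved"},
    "resolved": {"in_progress"},
}


def attacker_ip(alert: dict):
    """Read the structured field, never the free-text description."""
    return ipaddress.ip_address(alert["details"]["ip_address"])


def decoded_request(alert: dict) -> str:
    """Method plus percent-decoded URI, so the injected payload is legible."""
    d = alert["details"]
    return f'{d["request_method"]} {unquote(d["request_uri"])}'


def block_rule(alert: dict) -> Optional[str]:
    """Quick-action block as a hypothetical nginx deny line.

    Refuses non-global sources: loopback, RFC 1918 or link-local usually
    means the request arrived via a reverse proxy or from the host itself,
    and blocking it would cut legitimate traffic, not the attacker."""
    ip = attacker_ip(alert)
    return f"deny {ip};" if ip.is_global else None


def with_source(alert: dict, ip: str) -> dict:
    """Copy of the alert with a different source address (for testing)."""
    other = copy.deepcopy(alert)
    other["details"]["ip_address"] = ip
    return other


class AlertRecord:
    """Title, status, owner and resolution notes with an audit trail."""

    def __init__(self, payload: dict):
        self.title = payload["summary"]      # default title kept until renamed
        self.status = payload["status"]
        self.owner: Optional[str] = None
        self.notes: list = []                # (actor, note)
        self.history: list = []              # (actor, action, detail)

    def rename(self, title: str, actor: str) -> None:
        self.history.append((actor, "rename", f"{self.title!r} -> {title!r}"))
        self.title = title

    def assign(self, owner: str, actor: str) -> None:
        self.history.append((actor, "assign", f"{self.owner!r} -> {owner!r}"))
        self.owner = owner

    def set_status(self, new: str, actor: str, note: Optional[str] = None) -> None:
        if new not in TRANSITIONS.get(self.status, set()):
            raise ValueError(f"illegal transition {self.status} -> {new}")
        if new == "resolved" and not note:
            raise ValueError("resolving requires a resolution note")
        if note:
            self.notes.append((actor, note))
        self.history.append((actor, "status", f"{self.status} -> {new}"))
        self.status = new


def triage(alert: dict, analyst: str) -> dict:
    """Walk one alert from open to resolved, blocking the source if safe."""
    rec = AlertRecord(alert)
    rec.assign(analyst, analyst)
    rec.set_status("in_progress", analyst)
    rule = block_rule(alert)
    note = f"Decoded request: {decoded_request(alert)}. " + (
        f"Blocked source with: {rule}" if rule else
        "Source is not a global address; no block applied, check proxy headers.")
    rec.set_status("resolved", analyst, note=note)
    return {"title": rec.title, "status": rec.status, "owner": rec.owner,
            "block_rule": rule, "history": rec.history, "notes": rec.notes}


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_ALERT, "analyst1"))
    print("loopback source:", block_rule(with_source(SAMPLE_ALERT, "127.0.0.1")))
```

Running it prints the full triage record for the sample and `None` for the loopback variant, which is the case the quick-action button cannot distinguish on its own: when the site sits behind a proxy or CDN, the recorded source may be the proxy, and blocking it would take the site offline.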
