Help
Lacework
Access helpful articles and other FAQs on Lacework
Kate_M
Community Manager
Community Manager

Created on ‎08-19-2024 03:27 AM

Article Id 334316

Alert 'Event Details' changing over time

Description Alerts may be observed to have different “Event Details” when viewed in the platform at different time points. This can also occur when comparing the current Event Details in the console with the details received for that alert via an Alert Channel notification (such as email or JIRA).
Scope Lacework Console, Lacework Alert Channel integrations.
Solution

This behaviour is a benign side effect of a new feature providing near-to-real-time alerting. A key component of near-to-real-time alerting is that for up to an hour after the alert was generated, certain alert types can be appended with newly relevant event data.

 

This in turn can cause the values in the Alert summary fields to appear to have changed. Any notification that was sent to a configured Alert Channel would still show the original summary data in the “Event Details”.

 

  • No remediation action needs to be taken if observing this behaviour
  • Alerts that are still in progress will be denoted by the "Evolving" tag until that hour has concluded
  • Full event details can be found by scrolling down to the "Where" section of the alert

 

Example: 

 

Alert Notification received in Slack about IP 71.6.146.186

 

Kate_M_0-1724062609200.png

 

 

However, after opening the Alert in the Lacework console a different IP 43.134.227.248 is highlighted

 

Kate_M_1-1724062609491.png

 

 
73
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.