Important Alerts

The following table explains the important alerts triggered by events that require observation. Deep Discovery Analyzer considers suspicious object detections, hardware capacity changes, certain sandbox queue activity, component update, account and clustering issues as important problems.

Table 1. Important Alerts

Name

Criteria

(Default)

Alert Frequency

(Default)

Account Locked

An account was locked because of multiple unsuccessful logon attempts.

Immediate

Long Virtual Analyzer Queue

The number of Virtual Analyzer submissions has exceeded the threshold of 100.

Once every 30 minutes

Component Update Unsuccessful

A component update was unsuccessful.

Once every 30 minutes

High CPU Usage

The average CPU usage in the last 5 minutes has exceeded the threshold of 90%.

Once every 30 minutes

High Memory Usage

The average memory usage in the last 5 minutes has exceeded the threshold of 90%.

Once every 30 minutes

High Disk Usage

Disk usage has exceeded the threshold of 85%.

Once every 30 minutes

Secondary Appliance Unresponsive

A secondary appliance in the cluster encountered an error and was unable to recover.

Immediate

High Availability Suspended

The passive primary appliance encountered an error and was unable to recover. High availability was suspended.

Once every 30 minutes

New High-Risk Objects Identified

The number of new high-risk objects identified during the last 30 minutes has reached the threshold of 10.

Immediate

Connection Issue

Unable to establish connection to a required resource.

Once every 30 minutes

Long Virtual Analyzer Processing Time

The Virtual Analyzer processing time has exceeded the threshold of 30 minutes.

Once every 30 minutes

Network Share Inaccessible

A network share is inaccessible.

Once every 30 minutes

Note:

Consider decreasing the number of sandbox instances if the system frequently experiences high CPU or memory usage for long periods of time.

For details, see Modifying Sandbox Instances.