Home
CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
User Guide
Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
Alerts
The Alerts page shows all the latest alerts in the system. It lets you view the alerts in different modes, and carry out actions on the alerts.
Alert deduplication
Alert deduplication groups repeated alerts into one alert entry when the alert type and key values match. It helps you reduce noise and review repeated activity in context.

CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
- Introduction
  An overview of the Central Management Console (CMC).
- Installation Guide
  Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
- Administrator Guide
  Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
- User Guide
  Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
  - Sensors
    The Sensors page lets you view all of the sensors that you have in your system.
  - Alerts
    The Alerts page shows all the latest alerts in the system. It lets you view the alerts in different modes, and carry out actions on the alerts.
    - Standard mode
      You can view alerts in standard mode to give you an overview of the latest anomalies.
    - Expert mode
      You can view alerts in expert mode to give you a detailed view of the alerts in the system. This lets you filter, sort, and analyze the information in detail.
    - Alert deduplication
      Alert deduplication groups repeated alerts into one alert entry when the alert type and key values match. It helps you reduce noise and review repeated activity in context.
    - View alerts in standard mode
      You can view alerts in standard mode to give you an overview of the latest anomalies.
    - View alerts in expert mode
      You can view alerts in expert mode to give you a detailed view of the alerts in the system. This lets you filter, sort, and analyze the information in detail.
    - Closing alerts
      When you close an alert, or incident, a dialog lets you select a reason, and specify the learning process.
    - Actions menu
      The Actions menu gives you access to all the actions that you can do for the related alert.
    - Edit a playbook associated with an alert
      A playbook associated with an alert can be modified. A change you make on the playbook only affects the playbook related to that specific alert.
    - Details page
      The Alerts details page provides a comprehensive view of a triggered alert, including cause, context, and recommended response. It displays communication paths, affected nodes, and relevant MITRE ATT&CK tactics. Use this page to investigate incidents and track alert handling activity.
  - Assets
    The Assets page shows all the physical components and systems in the local network environment and their associated details. It also lets you perform actions on those assets. Depending on the nodes and components involved, assets can range from a simple personal computer to an operational technology (OT) device.
  - Queries
    You can use the Nozomi Networks Query Language (N2QL) syntax to create complex data processes to obtain, filter, and analyze lists of information from the Nozomi Networks software.
  - Smart Polling in CMC
    The Smart Polling page gives you a read-only view of Smart Polling.
  - Arc in CMC
    Arc™ is a host-based sensor that detects and defends against malicious or compromised endpoints, and insider attacks. You can use Arc sensors to aggregate data for analysis and reports, either on-premises, or in the Vantage cloud.
  - Reports
    The Reports page lets you manage, generate, schedule and view reports.
  - Assertions
    The Assertions page shows all the assertions and lets you configure them.
  - Vulnerabilities
    The Nozomi Networks software continuously discovers vulnerabilities in monitored assets.
  - Administration
  - Personal settings
    The personal settings page lets you do actions that are specific to your profile.
  - Troubleshooting
- Maintenance Guide
  Information about the maintenance tasks of Central Management Console (CMC), to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for the Central Management Console (CMC).

Alert deduplication

Alert deduplication groups repeated alerts into one alert entry when the alert type and key values match. It helps you reduce noise and review repeated activity in context.

The system compares alert-specific key values to decide whether two alerts match.

Deduplication can help you focus on unique issues while still preserving recurrence history.

How deduplication works

When deduplication is enabled and a new alert matches an existing alert, the system updates the existing alert.

In expert view, the grouped alert shows these column values:

Creation time: The timestamp of the first time this alert was triggered.
Time: The timestamp of the most recent trigger.
Counter: The total number of times the alert has been triggered.
Occurrence timeline: The timestamps of up to 100 of the most recent occurrences.

If a matching alert occurs after you close a deduplicated alert, the alert reopens automatically.

Deduplication key

Each alert type defines its own deduplication key fields. Only alerts with matching key values are grouped together.

The alert type ID is always part of the deduplication key. Common fields also include source node, destination node, and protocol-specific attributes.