Home
Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
Administrator Guide
Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
Administration
Organization Settings
Alert Close Options
The Alert Close Options page lets you define custom explanations for closing an alert.

Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
- Introduction
  An overview of Vantage.
- Administrator Guide
  Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - System
    - Teams
    - Organization Settings
      - Updates
        The Updates page gives you access to configuration tabs for update policies and to schedule updates.
      - Features
        The Features page lets you configure Vantage to show, or hide, experimental and preview features for the selected organization.
      - Sensors Synchronization Settings
        The Settings Synchronization Settings (Sync) page shows the settings that this sensor inherits from its organization.
      - Tags
        The Tags page lets you assign tags to assets for access management purposes. This lets you constrain role assignments into a specific tag.
      - Zone Configurations
        The Zone Configurations page shows all the zone configurations in your organization, and lets you add new ones.
      - Imports
        The Imports page is organized into four tabs where you can view the history of completed imports and start new ones: Assets, Arc, Zone Configurations, and N2OS Content Packs.
      - Asset Rules
        The Asset Rules page shows all the asset rules in your organization, and lets you add new ones.
      - Security Control Panel
        The Security Control Panel allows administrators to configure security settings across the organization.
      - Custom Fields
        The Custom Fields page lets you enrich the schema of assets and nodes, and propagate the information to every sensor.
      - Credentials Manager
        Use the Credentials Manager to define credentials that authorize access to hosts through Smart Polling or Arc. This enables secure data collection and encrypted transmission decryption. You can add, customize, and manage credentials for various device types.
      - Alert Close Options
        The Alert Close Options page lets you define custom explanations for closing an alert.
        Add an alert closing option
        You can use the actions menu to add an alert closing option.
      - Alert Playbooks
        The Alert Playbooks page lets you define templates to follow to manage alerts. An alert playbook defines custom content that instructs alert operators, and other users, how to manage various types of alerts. Playbooks are associated with alerts that match criteria specified in an alert rule. When a matching alert is raised, the playbook's content is included on the new alert's Details page. You and your team can update this content to record progress and take notes particular to this alert.
      - Alert Rules
        The Alert Rules page shows all the alert rules that you have defined, and lets you add new ones.
      - Contents Management
        Use the Contents Management page to view, create, and manage detection content across the organization. Tabs organize content types such as packet rules, Yara rules, and Sigma rules. This interface helps streamline the application of threat detection logic in Vantage.
      - Integrations
        The Integrations page lets you use one of the available applications to connect an organization with a third-party application.
      - Traffic Replays
        The Traffic Relays page lets you load demonstration data into your environment so that you can test various features and explore Vantage. Nozomi Networks provides several traffic replays, which demonstrate different scenarios, such as an OT-focused Power Station attack.
      - CLI
        The CLI page lets you select sensors and use the text field to enter a command to execute. Vantage shows the output of sensors in the web UI.
      - Migration tasks
        The Migration tasks page lets you update your Vantage instance and downstream sensors to adapt to changes in new versions of N2OS.
      - Audit Logs
        The Audit Logs page shows detailed operational information about your sensors and the activities that they monitor.
      - Backup Schedules
        The Backup Schedules page lets you manage, view, add, edit, and delete backup schedules.
      - Upload Traces
        The Upload Traces page lets you upload a trace, or packet capture (pcap) file, that is related to the active organization.
  - SAML integration
- User Guide
  Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
- Print format documentation
  A list of all the print-format documentation that is available for Vantage.

Alert Close Options

The Alert Close Options page lets you define custom explanations for closing an alert.

The Alert Close Options table listing built-in and custom alert closing options, with columns for Created at, Updated at, Reason, and Learn. — Figure 1. Alert Close Options page

Note:

Built-in alert closing options cannot be edited or deleted. Only custom options that you create are editable.

Built-in options

Vantage includes four built-in alert closing options that are available to all organizations:

Close as Security Incident: Marks the alert as a confirmed security incident. Vantage generates new alerts if a similar event happens again.
Close as Change: Marks the alert as an expected change. Vantage learns the change so that similar future alerts are suppressed.
Close with Alert Rule: Creates an alert rule to mute future alerts that match the same conditions. Only appears when the alert has deduplication components that Vantage can use to create an alert rule.
Close as Known Asset: Marks the asset as known in its current geofence area and updates its location. Only appears for geofence alerts where the asset has an associated geofence area.

Learn behavior

When you close an alert with a Learn option, Guardian integrates the detected change into the network baseline. For example, new nodes or communication patterns that triggered the alert are recorded as safe so they do not generate new alerts. Learn is only applicable to alerts related to deviations from the baseline. If an alert cannot be learned, Vantage presents only the options that don't have the Learn flag.

Add

This button lets you add a new alert closing option.

Columns

The Columns button lets you select which of the available columns for the current page will show.

Live

The Live toggle lets you change live view on, or off. When live mode is on, the page will refresh periodically.

Refresh

The icon lets you immediately refresh the current view.

Table

Column label	Description
Created at	Shows when the alert closing option was created.
Updated at	Shows when the alert closing option was last updated.
Reason	Shows the label for this alert closing option. This label appears in the Reason dropdown when you close an alert.
Learn	Indicates whether closing an alert with this option triggers Learn. When enabled, Guardian integrates the detected change into the network baseline so that it does not generate new alerts.