Alerting emails are not received

New anomalies are discovered and displayed on a Kibana dashboard, but alerting emails are not received by the expected receiver.

Solution

  1. Identify the date and time of an anomaly for which no alert email was received.
  2. Navigate to OMEGAMON AI for Alerting space > Security > Alerts > Rules > Detection rules (SIEM) in Kibana and verify that the expected alert rule for the expected context is enabled.
  3. In the Last run table column, check when the relevant alert rule was last evaluated. Verify that the rule was evaluated after the anomaly was discovered by OMEGAMON® AI Insights.
  4. Ensure that the alert configuration file (see Configuring alerts) includes the email address of the expected receiver.
  5. Alerting emails are sent to receivers by a scheduled alerting process. You can check the alert rule execution schedule in the Edit rule settings window: click the three dots next to the relevant alert rule and navigate to Edit rule settings > Schedule. Orchestrator logs also help to identify possible errors. For further troubleshooting, see Investigating Docker logs.
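
The checks in steps 2 to 5 can also be run over an exported rule record. The following is an added example, not part of the product or its documentation. It assumes that the rule record uses the Kibana detection rule fields `enabled`, `interval` and `execution_summary.last_execution.date`, that the receivers from the alert configuration file are passed in as a plain list (the file format is not shown here), and that a rule counts as overdue after two missed intervals. The rule, addresses and timestamps are constructed.

```python
from datetime import datetime, timedelta

UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}

# Constructed sample record; field names are assumed to match Kibana rule objects.
SAMPLE_RULE = {
    "name": "constructed-anomaly-rule",
    "enabled": True,
    "interval": "5m",
    "execution_summary": {"last_execution": {"date": "2024-05-01T09:55:00Z"}},
}

def parse_ts(value):
    """Parse an ISO 8601 timestamp; a trailing 'Z' is read as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_interval(text):
    """Turn a schedule such as '5m' or '1h' into a timedelta."""
    return timedelta(**{UNITS[text[-1]]: int(text[:-1])})

def triage(rule, anomaly_time, receiver, configured_receivers, now):
    """Return the reasons, in checklist order, why no email may have arrived."""
    findings = []
    enabled = bool(rule.get("enabled"))
    if not enabled:                                             # step 2
        findings.append("rule is disabled")
    last = rule.get("execution_summary", {}).get("last_execution", {}).get("date")
    if last is None:                                            # step 3
        findings.append("rule has never run")
    elif parse_ts(last) < parse_ts(anomaly_time):
        findings.append("last run is older than the anomaly")
        # Step 5: an enabled rule that missed two intervals points at the scheduler.
        overdue = parse_ts(now) - parse_ts(last) > 2 * parse_interval(rule["interval"])
        if enabled and overdue:
            findings.append("schedule is overdue")
    known = {address.lower() for address in configured_receivers}
    if receiver.lower() not in known:                           # step 4
        findings.append("receiver missing from alert configuration")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_RULE, "2024-05-01T10:02:00Z", "ops@example.com",
                          ["admin@example.com"], "2024-05-01T10:30:00Z"):
        print(finding)
```

An empty result means the rule, schedule and receiver list look correct, so the next place to look is the orchestrator and Docker logs.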