Skip to main content

Alerts

Web vs mobile: Mobile is built for alert triage in the field — browse, filter, acknowledge, and deep-link to related devices and tickets. Alert rule configuration and bulk admin remain on PanelOne web.

Navigation: Tab bar → Alerts

The Alerts tab aggregates alerts from all connected integrations into a single, filterable feed optimized for on-call response.

Overview

The alert feed shows:

  • Active count — Unacknowledged alerts requiring attention
  • Alert list — Sorted by severity, then recency
  • Client subtitles — Client name on each row when no client scope is active
  • Realtime refresh — Scoped invalidation updates the list when online

How Alerts Get Here

Alerts sync from the same sources as PanelOne web:

SourceExamples
NinjaOneDevice offline, disk space, RMM conditions
SentinelOneThreat detections
CheckpointEmail security events
Microsoft 365Defender alerts
UniFiNetwork infrastructure alerts
SystemPanelOne-generated alerts (SLA, licensing)

Alerts arrive via data sync and webhooks. Mobile displays the same Supabase-backed alert records as web.

Alert List

Each alert row displays:

FieldDescription
Severity iconCritical, high, medium, low, info
TitleAlert headline
DescriptionTruncated context
ClientAffected client (or "System")
TimestampWhen the alert was created
Ack statusAcknowledged vs active

Tap a row to open alert detail.

Filtering

Use the filter strip above the list:

Type to search alert title, description, or client name.

Severity Filter

ValueUse when
AllFull feed
CriticalImmediate action required
HighUrgent attention
MediumAddress soon
LowInformational priority
InfoAwareness only

Status Filter

ValueShows
AllEvery alert
ActiveUnacknowledged only
AcknowledgedAlready triaged

Filter selections persist per organization.

Acknowledging Alerts

To acknowledge an alert:

  1. Open alert detail, or use the acknowledge action on the list row where available.
  2. Tap Acknowledge.
  3. The alert moves to acknowledged status with your user metadata recorded.

Acknowledging helps the team see what's been triaged vs what still needs attention.

Offline Acknowledge Queue

When you acknowledge an alert while offline:

  1. The acknowledge action is queued locally (alert_acknowledge write kind).
  2. The UI updates optimistically — the alert appears acknowledged in your local view.
  3. When connectivity returns, the queue flushes automatically (foreground or background refresh).
  4. Failed writes retry up to 3 times, then move to a dead-letter queue.

If a queued acknowledge fails permanently, check connectivity and retry from alert detail when online.

Alert Detail

Alert detail enriches the list row with:

SectionContent
SummarySeverity, status, timestamps
Client linkNavigate to client detail
Device linkResolved device name → device detail
Ticket linkRelated ticket number → ticket detail
Ack metadataWho acknowledged and when
Integration raw dataParsed vendor payload (Checkpoint, etc.)
External refsLinks to vendor consoles

Cross-entity links use resolved labels (device name, ticket number) rather than raw IDs.

Client-Scoped View

When client scope is active:

  • Only that client's alerts appear.
  • Client subtitles on rows are hidden (redundant).

From client detail → Alerts tab, the same filtered view applies.

Dashboard Drill-Down

Tapping alert summary cards on the Home tab can navigate to the Alerts tab with severity and status filters pre-applied.

Sort Order

Alerts sort automatically:

  1. Severity — Critical first, then high, medium, low, info
  2. Time — Most recent first within each severity band

Tips & Best Practices

  • Filter to Active at shift start — Focus on unacknowledged items.
  • Acknowledge as you handle — Keeps the team aligned during incidents.
  • Use detail links — Jump to device or ticket without manual search.
  • Trust offline ack queue — Acknowledges sync when you reconnect; verify critical alerts when back online.