Update a static alert

Created: March 22, 2023
Updated: July 9, 2024

1. Navigate to Posture Management in the FireTail platform. Click the Alerting tab. All existing alerts are displayed; you can filter to display only Static or Anomaly alerts. Select the alert you want to change.

2. You can update the following fields:

  • Alert Name - Enter a name for the alert.
  • Enabled - Toggle on or off to activate or deactivate the alert. If the alert is deactivated, the settings remain and the alert can be reactivated if needed.
  • Filters - Add new filters or edit existing ones.
    • Click an existing condition to edit it. Make any changes and click Submit.
    • Click Delete beside the condition to remove it. Click Yes to confirm.
    • Click Add to add further conditions to a filter group, or click Add Filter Group to add additional filter groups.
    • Click Delete to remove a condition or click Reset to remove all filters. Click Yes to confirm.
  • Edit existing condition settings
    • Trigger this alert, whenever the number of requests is - This defines when the alert is triggered.
    • Than - Enter the threshold value.
    • Within the last - The time period over which requests are evaluated for the alert condition. Select the value from the dropdown. The alert check frequency is the selected period divided by three. For example, if you select 6 hours, an alert check runs every two hours, and each check evaluates the previous 6 hours. The frequency is displayed in the Runs this check every field.
  • In the Metric Selection section you can choose the specific metric to monitor for unusual activity.
    • Select the metric name.
    • Select the metric stat. 
  • In the Control Settings section you can adjust the parameters to manage the frequency and timing of the alerts. You can edit the values for:
    • After every trigger don't run this check for - Enter a 'cooldown' period. After an alert is triggered, subsequent alerts are suppressed for this period.
    • Delay evaluating the first check by - After an alert is created, this value is used to delay the first evaluation. This serves as a grace period.
  • Notification Integration - This selects how you will get your alert notifications. You can select a different integration from the dropdown, or click Create to create a new integration. Learn how to create an integration here.
  • Any changes made can be viewed in the Alert preview diagram.

3. Click Update.
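
A small Python model of the timing settings described in step 2 (period divided by three, cooldown, first-check delay), added here as an example; it is not FireTail code. The function names, the sample traffic, the "greater than" comparison and the way the cooldown skips checks are assumptions made for illustration.

```python
from datetime import datetime, timedelta

def check_interval(window):
    """Page rule: a check runs every (evaluation period / 3)."""
    return window / 3

def simulate(requests, created, end, window, threshold, cooldown, first_delay):
    """Model of the schedule; returns [(check_time, count, outcome), ...].

    Assumptions, not confirmed by the page: the comparison is "greater than",
    checks that fall inside the cooldown are skipped, and the first check
    runs at created + first_delay.
    """
    step, out = check_interval(window), []
    suppressed_until = created
    t = created + first_delay
    while t <= end:
        if t < suppressed_until:
            out.append((t, None, "skipped"))
        else:
            # Each check looks back over the full period, not just one step.
            count = sum(1 for r in requests if t - window < r <= t)
            fired = count > threshold
            out.append((t, count, "ALERT" if fired else "ok"))
            if fired:
                suppressed_until = t + cooldown
        t += step
    return out

def sample_run():
    """Constructed data: 150 requests in 15 minutes starting 03:10."""
    day = datetime(2024, 1, 1)
    burst = [day + timedelta(hours=3, minutes=10, seconds=6 * i) for i in range(150)]
    return simulate(burst, created=day, end=day + timedelta(hours=12),
                    window=timedelta(hours=6), threshold=100,
                    cooldown=timedelta(hours=4), first_delay=timedelta(hours=1))

if __name__ == "__main__":
    for when, count, outcome in sample_run():
        print(when.strftime("%H:%M"), count, outcome)
```

In this run the burst that starts at 03:10 is first reported by the 05:00 check, which is the detection delay the two-hour cadence introduces. Because the 4-hour cooldown is shorter than the 6-hour period, the 09:00 check reports the same burst again.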