Update an anomaly alert

Created:
May 16, 2024
Updated:
May 27, 2024
  1. Navigate to Posture Management in the FireTail platform. Click the Alerting tab. All Existing alerts are displayed, you can filter to only display Static or Anomaly alerts. Select the anomaly alert you want to make changes to.
  2. You can update the following fields:
    • Alert Name - Enter a name for the alert.
    • Enabled - Toggle on or off to activate or deactivate the alert. If the alert is deactivated the settings remain and the alert can be reactivated if needed. 
    • Filters. Add new filters or edit existing ones.
      • Click an existing condition to edit it. Make any changes and click Submit.
      • Click Delete beside the condition to remove. Click Yes to confirm.
      • Click Add to add further conditions to a filter group. Or click Add Filter Group to add additional filter groups. 
      • Click Delete to remove a condition or click Reset to to remove all filters. Click Yes to confirm.
  • Edit existing conditions settings:
    • Whenever the number of requests is - This defines when the alert is triggered.
    • Within the last - Specify the time period for the system to evaluate requests for the alert conditions.
  • In the Additional Configuration section, you can set the number of evaluation periods and the minimum number of data points required to trigger an alarm.
  • In the Sensitivity Settings sections adjust the sensitivity level of the anomaly detection. The preview diagram will adjust the thickness of the band accordingly. Higher sensitivity values detect smaller anomalies; lower sensitivity reduces false positives but may only detect significant anomalies.
  • Notification Integration - This selects how you will get your alert notifications. You can select a different integration from the dropdown, or click Create to create a new integration. Learn how to create an integration here.

3. Click Update.