Custom alerts
A custom alert is a type of notification that is generated for scheduled Data Explorer query runs.
The custom alerts feature allows you to monitor analyzed events that matters to you at regular intervals. You can view all custom alerts sent on the Custom Alerts page of the Arctic Wolf® Unified Portal. For more information, see:
To manage notification settings, see Custom alert rules.
Note:
- Custom alerts are considered non-emergency events for self-service reporting purposes only. This type of notification is configured by users in your organization. For more information, see Saved queries and custom alerts.
- Each custom alert provides a snapshot of the data that was captured for the time frame specified in the query. While this data never ages out of the custom alert itself, this data will only be available in Data Explorer up to your license limit. For more information, see Data Explorer license options.
View custom alerts
- In the navigation menu, click
Tickets & Alerts > Custom Alerts.
The Custom Alerts table provides this information about custom alerts that were previously sent:- Title — The title of the alert. This title is identical to the name of the query associated with the alert.
- Status — Whether an alert is open or closed. The Closed status is manually applied by a user in your organization.
- Description — A description of the query.
- To — The primary recipients of the alert.
- CC — The recipients who are copied on the alert.
- Triggered date — When the custom alert was generated.
- Optional: To filter the alerts by status:
- Click
Filters.
Make sure that the Columns field is set to Status.
- Click
Review a custom alert
- In the navigation menu, click
Tickets & Alerts > Custom Alerts.
- To open a custom alert, click
>
View Custom Alert.
- Optional: To indicate that the custom alert was reviewed:
- Click
Close Custom Alert.
- Click