Custom alert rules

In Data Explorer, you can save the queries that you make in the Query Builder. Specific Data Explorer licenses add the ability to configure custom alert rules for saved queries. For more information, see Data Explorer license options.

Configuring a custom alert rule is optional. When custom alert settings are configured for a saved query, a custom alert is generated each time the query runs as scheduled. This feature allows you to monitor data that matters to you at regular intervals. You can also configure the rule to send a custom alert to multiple recipients. A maximum of 10 custom alert rules can be enabled at the same time.

Note: Custom alerts are considered non-emergency events for self-service reporting purposes only. When you configure a custom alert rule, the results of each query run are not submitted to the Arctic Wolf® Security Operations Center for review or alerting as part of the Managed Detection and Response (MDR) service. However, if you have questions about how to use this feature, you can submit a ticket to your Concierge Security® Team (CST). Your CST can also provide guidance during your next scheduled touchpoint.

The topics in this section describe how to manage the query and notification settings of custom alert rules. For information about viewing custom alerts that have been sent, see Custom alerts.