Add a custom alert rule
Data Explorer allows you to save queries so that you can run them again later. With specific Data Explorer licenses, you can also configure custom alert settings for a saved query. When custom alert settings are configured for a saved query, a custom alert is generated each time the query runs as scheduled.
Note: Custom alerts are considered non-emergency events for self-service reporting purposes only. When you configure a custom alert rule, the results of each query run are sent only to members of the recipient group you select. These events are not submitted to the Arctic Wolf® Security Operations Center for review or alerting.
Before you begin
- Configuring custom alert settings requires a valid license. For more information, see Data Explorer license options.
- A maximum of 50 custom alert rules can be enabled at the same time. If you have reached this limit, consider disabling a custom alert rule. For more information, see Enable or disable a custom alert rule.