Alert Monitoring Setup
There is no default configuration for alert monitoring. Alert monitoring is configured in Configuration → Configuration → Alerting Rules.
When monitoring alerts, the Recorded Future App polls the Recorded Future API for alerts that match the configured criteria.
By default, the alerts are fetched on the fly when needed by a dashboard.
Add Alert Monitoring
To add alert monitoring, click on Add Alerting Rule and select the Alerting Rule to fetch alerts from. The following fields then appear:
| Field | Significance | Comment |
| --- | --- | --- |
| Name | Alerting Rule name | Name of the Alerting Rule input. |
| Alert Status | Matches any alert status by default | The filter can be configured as needed. |
| Time Range | Filters on the timestamp of the alert | Default is anytime. The notation is the same as in the Recorded Future web client, e.g. "-2d to now", "-2h to -1h", "yesterday". |
| Limit | Number of alerts to fetch | Default is 10. Adjust this according to the number of alerts that trigger for this rule. |
| Alerting Rule | Which alerting rule to fetch | This is the rule you selected when creating the Alerting Rule input. |
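As an added illustration, not code from the Recorded Future app, the helper below turns a Time Range expression in the notation above into an absolute UTC window and reports how many hours it covers, which is the figure you need when judging whether the Limit value is large enough for a rule. The hour/day meaning of "-Nh"/"-Nd" and the reading of "yesterday" as the previous UTC calendar day are assumptions, not documented on this page.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed semantics (not taken from the page): "-Nh" / "-Nd" are offsets of
# N hours / N days before "now", and "yesterday" is the previous UTC day.
_REL = re.compile(r"^-(\d+)([hd])$")
_UNIT = {"h": "hours", "d": "days"}


def _point(token, now):
    """Resolve one side of a '<start> to <end>' expression to a datetime."""
    token = token.strip().lower()
    if token == "now":
        return now
    m = _REL.match(token)
    if not m:
        raise ValueError(f"unsupported time token: {token!r}")
    return now - timedelta(**{_UNIT[m.group(2)]: int(m.group(1))})


def parse_time_range(expr, now=None):
    """Return (start, end) UTC datetimes for a Time Range filter expression.

    `now` may be a datetime or an ISO-8601 string; it defaults to the current time.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromisoformat(now)
    text = expr.strip().lower()
    if text == "yesterday":
        midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
        return midnight - timedelta(days=1), midnight
    if " to " not in text:
        raise ValueError(f"expected '<start> to <end>' or 'yesterday': {expr!r}")
    start_tok, end_tok = text.split(" to ", 1)
    start, end = _point(start_tok, now), _point(end_tok, now)
    if start >= end:
        raise ValueError(f"empty or inverted window: {expr!r}")
    return start, end


def window_hours(expr, now=None):
    """Length of the window in hours, for sizing the Limit field against alert volume."""
    start, end = parse_time_range(expr, now)
    return (end - start).total_seconds() / 3600
```

For example, a rule that fires roughly five alerts per hour with a "-2d to now" window needs a Limit well above the default of 10.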
Manage Alerting Rules
To edit a configured Alerting Rule, just click on Edit and the fields will unlock. Click Save when done editing the settings.
To remove an Alerting Rule, select the corresponding Delete Alerting Rule checkbox and click on Save.
Further Help
“Recorded Future App for Splunk” has been developed by Recorded Future.
Further information and support can be found on our support website: support.recordedfuture.com