Alert Dashboards

Updated

[this is for v4.0.x of the Recorded Future App for Splunk Enterprise] 

Alert dashboards

The Alert Dashboard displays current alerts. By default the modular input responsible for retrieving the alert from Recorded Future polls the API every five minutes, this dashboard checks for any active alert in the last ten minutes.

By default the sum of all configured modular inputs for alerts are shown but specific inputs can be selected using the drop down menu "Select an Alert config".

The dashboard contains three fields:

  • The number of active alerts.
  • The "Counts by Rule" which displays which alert rules that have triggered and their count.
  • Detailed Alert Information which displays the details of each alert.

Click on an alert in the "Detailed Alert Information" to open a new window showing the alert in Recorded Future's GUI.

Alert Dashboard

Further help

Your Recorded Future Intelligence Services consultant would be happy to help you with additional questions and advice.  If you do not know who that is, you can also contact support@recordedfuture.com.

Please do not contact Splunk support about "Recorded Future for Splunk Enterprise".

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more