Skip to main content
Version: 3.6.0

What Can You Do with AME?

Imagine managing alerts with Alert Manager Enterprise (AME): install it, create and tag events, automate statuses and resolutions, notify users across channels, trigger workflow actions, enforce SLAs, and report outcomes—all within the default tenant.

Prerequisites

  • AME installed with Splunk Admin or ame.admin role (see Quick Start).

What You Can Do

  1. Install AME: Get AME running on Splunk to manage events (see Quick Start).
  2. Define Event Templates: Preset details like medium urgency (see Templates).
  3. Tag Events: Apply a PCI tag when subnet 192.168.1.0/24 matches (see Tags).
  4. Enrich with Asset Information: Automatically add asset information to the event (see Observables)
  5. Increase the Risk Score: Increase the risk score of the asset (see Risk Scoring)
  6. Automate Status Changes: Set events to Assigned upon user assignment (see Rules).
  7. Set Resolutions: Auto-resolve events based on conditions (see Resolutions).
  8. Customize Event Summary: Tailor fields and layouts in the summary view (see Event Summary Configuration).
  9. Send Notifications: Alert assignees via email, Slack, or Teams on assignment (see Notifications).
  10. Invoke Workflow Actions: Run a Splunk webhook from Notable Fields (see Working with Events).
  11. Enforce SLAs: Track a 60-minute response SLA, ending at Assigned (see SLAs).
  12. Generate Reports: Review SLA compliance and trends (see Reports).
  13. Test the Flow: Create an event, assign a user, and watch AME tag, update, notify via Slack/Teams, trigger a webhook, enforce SLAs, and report (see Working with Events).
  14. Integrate with Ticketing Systems Sync alerts natively with ServiceNow (Jira coming soon) – create, update, and close tickets based on alert state. (see Ticketing Integration).
  15. Manage Vulnerabilities Identify, Prioritize and Manage Vulnerabilities (seeVulnerability Intelligence )

Optional: Scale with Tenants

  • Add a Sec and and an ops tenant to isolate events across teams (see Tenants).

Explore More