Version: Next

Overview

Note: Splunk, Splunk>, Turn Data Into Doing, and Data-to-Everything are trademarks or registered trademarks of Splunk Inc. in the United States and other countries.

Info: Docs for AME 3.3.0 (as of Mar 10, 2025). For Version 3.2.0, see here.

What is Alert Manager Enterprise?

Datapunctum Alert Manager Enterprise (AME) empowers IT Operations and Security teams to efficiently manage alerts within Splunk Enterprise and Splunk Cloud. By adding the AME Alert Action to your existing Splunk searches, you can instantly transform triggered alerts into actionable, trackable events—all within the Splunk environment.


Why Choose Alert Manager Enterprise?

AME bridges the gap between alerts and insights, enabling faster root cause analysis and security investigations without leaving Splunk. Here’s why it stands out:

  • Unified Workflow: Investigate and resolve alerts directly in Splunk, minimizing tool-switching and accelerating response times.
  • Beyond Basic Alerting: Move past simple "fire-and-forget" email notifications with customizable notification schemes that deliver the right info to the right people via the right channels (e.g., email, Slack, Teams).
  • Security & Access: Features role-based access control (RBAC) and multi-tenancy (subscription required) to secure events across teams or clients.
  • Enhanced Classification: Includes a Security Knowledge Pack (subscription required) with frameworks like Cyber Kill Chain and MITRE ATT&CK to quickly categorize incidents.
  • Quick Deployment: Easy to set up and configure, delivering immediate value to businesses.

Key Features

AME offers a robust set of tools to streamline alert management:

  • Intuitive User Interface: Simple, Splunk-integrated design for seamless navigation.
  • Notification Schemes: Flexible options including email, Slack, webhooks, and custom alert actions.
  • Rule Manager: Suppress noise or auto-update events with custom rules.
  • Workflow Actions: Trigger GET/POST requests or Splunk searches directly from alerts.
  • Alert Aggregation: Group recurring alerts to reduce clutter.
  • Role-Based Access Control (RBAC): Securely restrict event visibility by user roles.
  • Service Level Agreement (SLA) Management: Track and enforce response timelines.
  • Multi-Tenancy: Manage multiple clients from a single interface (subscription required).
  • Security Tags: Enrich alerts with frameworks like Cyber Kill Chain, MITRE ATT&CK, NIST, CIS Controls, and CVE data (subscription required).
  • Observables (Assets & Identities): Correlate and manage asset and identity data with alerts for enriched context.
  • Risk Scoring (subscription required): Assign risk scores to alerts based on severity and context to prioritize investigations.

Licensing

AME comes with a Free License out of the box, providing access to core functionality. Advanced features like multi-tenancy and the Security Knowledge Pack require an additional subscription.

For details on third-party software licensing, see 3rd Party Software.


Support

AME offers Community Support through multiple channels:

  • Splunk Usergroup Slack: Join the #alertmanagerenterprise channel.
  • Email: Reach out to community-support@datapunctum.com.
  • Splunk Answers: Post questions on the Splunk Answers forum.

For Commercial Support, contact sales@datapunctum.com.


Get Started

Ready to enhance your Splunk alerting? Download AME from Splunkbase and start managing alerts more effectively today.


Feedback

Help us improve! Have suggestions or found something unclear? Let us know at docs-feedback@datapunctum.com.