System Configurations
Configure Alert Manager Enterprise (AME) system settings via the Administration > Configuration page to manage licenses, logging, proxy settings, CA chains, and backups.
License Management
Manage AME license keys in the License tab:
- Click Add License.
- Enter the license key. A green tag appears if the key is valid.
- To remove a license, click Delete.
- Storage Location: Installed licenses are saved in $SPLUNK_HOME/etc/apps/alert_manager_enterprise/local/datapunctum_licenses.conf.
Logging Configuration
Adjust AME log levels in the Logging tab under Administration > Configuration. Each AME component has its own logger settings for granular control.
Heavy logging (e.g., DEBUG mode) can impact performance. Revert to INFO level after resolving issues to maintain optimal operation.
Proxy Settings
Configure proxy settings in the Proxy tab if notifications, tag updates, or other HTTP requests need routing through a proxy server. AME accesses the following URLs:
- CVE Tag Download: https://www.cve.org/CVERecord?id={cve}
- MITRE ATT&CK Tags: https://github.com/mitre/cti/raw/master/enterprise-attack/enterprise-attack.json
Collection Backup
AME performs a daily backup of collections (templates, rules, resolutions, etc.).
Backups are stored within the index of the tenant. The time picker controls which backups are shown.
- A backup can be triggered automatically.
- Opening a backup set shows the backup time and version. The View Diff button shows differences between the collections.
To restore data, select either Restore Tenant to restore the complete tenant or Restore Collection to restore a single collection.
For more details see Backup and Restore.
CA Chain Configuration
Set up custom CA chains in the CA Chain tab for AME to use in system operations, such as workflow actions, notifications, and external requests:
- Click Add CA Chain.
- Enter:
  - Name: A unique identifier for the CA chain (required).
  - Description: A brief purpose of the chain (optional).
  - Certificates: The full chain of certificates in PEM format (required).
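A pre-flight check for the Certificates field, as an added example that is not part of AME or its documentation: it confirms the pasted text consists only of CERTIFICATE PEM blocks with decodable, DER-shaped bodies, and flags private keys, duplicates, and stray text. The function names and the placeholder DER bytes are constructed for illustration; the check does not verify signatures, expiry, or chain order.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_outer_ok(der):
    """True if der is exactly one DER SEQUENCE whose length fills the buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        hdr, length = 2, der[1]
    else:                                  # long form: low 7 bits = count of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + length == len(der)

def lint_pem_chain(text):
    """Return a list of problems; an empty list means the input is well-formed."""
    problems, seen = [], set()
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        problems.append("no PEM blocks found")
    if PEM_BLOCK.sub("", text).strip():    # leftovers: comments, truncated armor, etc.
        problems.append("text outside PEM blocks")
    for i, (label, body) in enumerate(blocks, 1):
        if "PRIVATE KEY" in label:
            problems.append(f"block {i}: private key does not belong in a CA chain")
        elif label != "CERTIFICATE":
            problems.append(f"block {i}: unexpected label {label!r}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                problems.append(f"block {i}: invalid base64")
                continue
            if not der_outer_ok(der):
                problems.append(f"block {i}: body is not a single DER SEQUENCE")
            elif der in seen:
                problems.append(f"block {i}: duplicate certificate")
            seen.add(der)
    return problems

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"
# Constructed placeholders: DER-shaped bytes, not real certificates or keys.
GOOD = pem("CERTIFICATE", b"\x30\x03\x02\x01\x01") + pem("CERTIFICATE", b"\x30\x03\x02\x01\x02")
BAD = pem("CERTIFICATE", b"\x30\x05\x02\x01\x01") + pem("PRIVATE KEY", b"\x30\x03\x02\x01\x03") + "notes\n"
```

`lint_pem_chain(GOOD)` returns an empty list, while `lint_pem_chain(BAD)` reports the stray text, the truncated first block, and the private key.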
Vulnerability Intelligence NIST API
The Vulnerability Intelligence feature uses the NIST API to pull CVE data. Enter the NIST API Key and specify a start date to include only CVEs published on or after that date.
The connections can be tested using the Request Connection button.
Connections are made to:
- epss.empiricalsecurity.com
- github.com
- services.nvd.nist.gov
Ingestion can be reset by pressing the Reset Ingestion Markers button.
For more details see Vulnerability Intelligence.
API Key
An API Key can be requested at National Vulnerability Database.