System Configurations
System configurations for Alert Manager Enterprise (AME) are available in the Administration menu under the Configuration page.
License Management
Administrators can manage license keys through the License tab. To add a new key:
- Click
Add License. - Enter the license key. A green tag appears if the key is valid.
To remove a license, click Delete.
Installed licenses are stored in local/datapunctum_licenses.conf.
Proxy Settings
Notifications, tag updates, and other HTTP requests may require routing through a proxy server. Configure proxy settings here if needed.
AME accesses these URLs:
- CVE Tag Download: https://www.cve.org/CVERecord?id={cve}
- MITRE ATT&CK Tags: https://github.com/mitre/cti/raw/master/enterprise-attack/enterprise-attack.json
CA Chain
Configure custom CA chains for AME to use in system operations. These chains are utilized for workflow actions, notifications, and other requests to external systems.
To add a CA chain:
- Click
Add CA Chain. - Enter:
- Name: A unique identifier for the CA chain.
- Description: A brief description of the chain’s purpose (optional).
- Certificates: Include the full chain of certificates in PEM format.
- Click
Saveto apply.
Hardening Options
IP Binding
AME supports binding the splunkd process to a specific IP address by setting the SPLUNK_BINDIP environment variable in Splunk.
PYTHONHTTPSVERIFY
AME supports configuring the PYTHONHTTPSVERIFY setting in splunk-launch.conf to control HTTPS verification for Python requests in AME.