# Alert Manager
- **Authors**: Simon Balz <simon@balz.me>, Mika Borner <mika.borner@gmail.com>, Datapunctum GmbH
- **Description**: Alert Manager App for Splunk with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
- **Version**: @version@
## Introduction
The Alert Manager adds simple incident workflows to Splunk. The general purpose is to provide a common app with dashboards in order to investigate fired alerts or notable events. It can be used with every Splunk alert and works as an extension on top of Splunk's built-in alerting mechanism.
- Awareness of your current operational situation with the incident posture dashboard
- Analyze the root cause of incidents with only a few clicks
- Review and adjust the urgency of incidents to improve operations scheduling
- Dispatch incidents to the person in charge
- Track and report incident workflow KPIs
- Tag and categorize incidents
## Features
- Works as a Custom Alert Action that captures the enriched metadata of fired alerts and stores it in a configurable separate index
- Each fired alert creates an incident
- Configure incidents to run well-known scripted alert actions
- Reassign incidents manually or auto-assign them to specific users
- Change incidents to another priority and status
- Various options for how incidents are created, updated and closed
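As an added example (not code from the Alert Manager app), here is a sketch of what a Splunk Custom Alert Action receives when an alert fires and how a handler can turn that payload into an incident record. Splunk invokes the action script with `--execute` and writes one JSON payload to stdin; the payload keys read below (`app`, `owner`, `sid`, `search_name`, `results_link`, `session_key`, `configuration`, `result`) are the ones documented for the custom alert action framework. The incident fields, the `allowed_owners` allow-list, the `render_title` and `redact_payload` helpers and all sample values are assumptions for this example. Two practitioner points it illustrates: result-field overrides (owner, category, tags, ...) come from indexed event data, so an owner override should be checked against known users before it is honoured; and the `session_key` in the payload carries the search owner's privileges and must never end up in an index or log.

```python
"""Sketch of a Splunk custom alert action turning a fired alert into an incident.

Added example, not code from the Alert Manager app. The payload keys used
here are the documented ones; the incident schema, the owner allow-list and
the sample values are assumptions made for this example.
"""
import json
import re
import sys

# Result fields that may override incident attributes (assumption, modelled
# on the override feature listed in the release notes). Anything else in
# the result row is ignored.
OVERRIDABLE_FIELDS = (
    "owner", "category", "subcategory", "tags",
    "display_fields", "external_reference_id",
)

# Splunk token syntax for the triggering result row, e.g. "$result.src$".
TOKEN_RE = re.compile(r"\$result\.([A-Za-z0-9_]+)\$")

# Constructed payload in the shape Splunk delivers to a custom alert action.
SAMPLE_PAYLOAD_JSON = json.dumps({
    "app": "search",
    "owner": "admin",                      # owner of the saved search
    "sid": "scheduler__admin__search__RMD5deadbeef_at_1650960000_7",
    "search_name": "SSH brute force",
    "results_link": "https://splunk.example.internal:8000/app/search/@go?sid=...",
    "session_key": "REDACT-ME-never-persist-this",
    "configuration": {"title": "SSH brute force from $result.src$"},
    "result": {
        "_time": "1650960000",
        "src": "10.0.0.23",
        "failures": "57",
        "owner": "soc_tier1",              # override attempted by the event
        "category": "authentication",
        "tags": "bruteforce,ssh",
        "external_reference_id": "INC-4711",
    },
})


def load_sample_payload():
    """Parse the constructed sample payload (offline stand-in for stdin)."""
    return json.loads(SAMPLE_PAYLOAD_JSON)


def render_title(template, result):
    """Expand $result.<field>$ tokens with values from the result row."""
    return TOKEN_RE.sub(lambda m: str(result.get(m.group(1), "")), template)


def redact_payload(payload):
    """Copy of the payload that is safe to log or index: the session key
    grants the search owner's Splunk privileges and must not be persisted."""
    safe = dict(payload)
    if "session_key" in safe:
        safe["session_key"] = "<redacted>"
    return safe


def build_incident(payload, allowed_owners):
    """Create an incident record from one fired-alert payload.

    Only the known override fields are copied from the result row, and an
    owner override is accepted only if it names an allowed user, because
    the result row is data from indexed events rather than admin input.
    """
    result = payload.get("result", {})
    configuration = payload.get("configuration", {})
    incident = {
        "sid": payload["sid"],
        "alert": payload["search_name"],
        "app": payload["app"],
        "owner": payload["owner"],         # default: the saved search's owner
        "status": "new",
        "title": render_title(configuration.get("title", payload["search_name"]), result),
        "results_link": payload.get("results_link"),
        "rejected_overrides": [],
    }
    for field in OVERRIDABLE_FIELDS:
        if field not in result:
            continue
        value = result[field]
        if field == "owner" and value not in allowed_owners:
            incident["rejected_overrides"].append(field)
            continue
        incident[field] = value
    return incident


def main():
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        payload = json.load(sys.stdin)     # real invocation by Splunk
    else:
        payload = load_sample_payload()    # offline demo
    incident = build_incident(payload, allowed_owners={"admin", "soc_tier1"})
    print(json.dumps(incident, indent=2))
    # Only the redacted payload goes to the log.
    print(json.dumps(redact_payload(payload)), file=sys.stderr)


if __name__ == "__main__":
    main()
```

Run without arguments to see the incident built from the constructed payload; with `--execute` and a payload on stdin it behaves like an alert action script. The allow-list is hard-coded here; in a real deployment it would come from the app's configuration or from Splunk's user list.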
### Donations
If you'd like to support further development of the Alert Manager, please use the donate button below. All donations go to the project maintainer.
[![Donate](https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=NTQJBX5VJZYHG)
## Release Notes
- **v3.0.11** / 2022-04-26
  - Minor issue fixed with alert processing
- **v3.0.10** / 2022-04-25
  - Fixed an issue with the suppression rules dashboard
  - Small code fixes
- **v3.0.9** / 2022-04-20
  - More jQuery 3.5 compatibility fixes
  - Fixed Splunk Cloud app vetting issue with core JS modules
  - Added app.conf trigger for custom alert_manager.conf
  - Fixed timestamp issues due to different standards
  - UTF-8 encoding for new incidents and comments
  - Aligned time to show trends more clearly
  - Fixed alert.priority not being looked up from the search result, and a swapped template path
- **v3.0.8** / 2021-08-26
  - jQuery 3.5 compatibility
  - Fixed an issue with Firefox not loading drilldown actions
  - Fixed an issue with incident posture refresh
- **v3.0.7** / 2021-01-28
  - Bugfix for an issue with the incident posture modal loading on Splunk Cloud 8.1.2011
- **v3.0.5** / 2020-12-14
  - Improved config replication of alert_manager.conf in a SHC (search head cluster)
  - Fixed a bug where incidents were not closed after TTL
- **v3.0.4** / 2020-08-13
  - Allow the integration of custom reports
  - Added support for private alerts
  - Added direct link (alert_manager_link) to email templates
  - Fixed a bug where the false_positive_resolved status was marked as internal_only
- **v3.0.3** / 2020-07-09
  - Fixed an issue when overwriting a user
  - Upgraded loadincidentresults and loaddrilldowns to v2 custom search commands
- **v3.0.2** / 2020-07-08
  - Fixed an issue when the server timezone is not UTC
  - Fixed an issue with missing append_ignore_status "closed"
- **v3.0.1** / 2020-07-07
  - Bugfix release for Windows installations
- **v3.0.0** / 2020-06-30
  - Python 3.7 only release
  - Merged TA-alert_manager into the alert_manager app
  - Added Bulk Edit function
  - Added new feature to manually create incidents
  - Added new feature to append an alert to existing incidents if the title is identical
  - Added new feature to filter by incident results
  - Added new feature to group incidents
  - Added new feature to have additional drilldowns for incidents
  - Added new feature to manually trigger notifications
  - Deprecated auto_previous_resolve and auto_subsequent_resolve in favour of the new append feature
  - Added support to hide unused alert statuses
  - Added support to override owner, category, subcategory, tags, display_fields and external_reference_id with event results
  - Added support to add and pass comments to external workflow actions
  - Added support to send HTML notifications in UTF-8
  - Added support to also load incident results from the index
  - Added health check dashboard
  - Deprecated lookups for category, subcategory and tags
  - Optimized alert_metadata event size
  - Fixed bugs in the data model; added action and previous_status attributes to fix the state transition dashboard
- **v2.2.0** / 2017-12-31
  - Added support for custom alert statuses in the KV Store
  - Added support to index data results from a given alert
  - Added support for conditional tables in the Incident Posture view
  - Added support for automatically resolving informational events
  - Added support for external workflow actions
  - Added support for external reference IDs
  - Improved alert history
  - Fixed a bug where email notifications were still sent for suppressed incidents
  - Fixed a bug where comments were not shown in incident posture
- **v2.1.4** / 2016-11-07
  - Fixed disabled migration scripts for fresh installations
- **v2.1.3** / 2016-10-21
  - Fixed migration scripts to check KV Store availability
  - Removed local.meta from distribution
- **v2.1.1** / 2016-10-10
  - Support for non-admin users to modify incidents from the Incident Posture dashboard
  - Added capability 'am_is_owner', which is required to be an owner of incidents
  - Added new alert_manager_admin, alert_manager_supervisor and alert_manager_user roles as preparation for upcoming features
  - Added support for 'AND' or 'OR' combinations in suppression rules
  - Added new dynamic owner selection in the Custom Alert Action dialog
  - Added auto subsequent resolve option to resolve new incidents with the same title
  - Added loading indicator to the incident posture dashboard when expanding an incident to show details
  - Improved incident edit dialog to provide better owner search and selection
  - Fixed IncidentContext to support the https scheme and a custom Splunk Web port
  - Enhanced timestamp display in incident history
  - Lots of bugfixes, code cleanups, enhancements and sanitizations. See the changelog for details
- **v2.0.5** / 2016-04-15
  - App certification release only - no functional changes included!
- **v2.0.4** / 2016-04-15
  - App certification release only - no functional changes included!
- **v2.0.3** / 2016-04-15
  - Fixed wrong file permissions
  - Fixed wrong default notification scheme seed format
  - Added missing appIcon
  - Fixed a bug where e-mail notifications were not sent correctly
  - Fixed a bug where e-mails were not displayed correctly on iOS devices
  - Fixed results_link and view_link in notification context
- **v2.0.2** / 2016-04-14
  - Fixed a bug to re-enable inline drilldown on Incident Posture (Splunk 6.4 compatibility)
  - Merged a pull request to properly support SMTP authentication
  - Fixed a bug where an urgency field in results led to an error
  - Fixed wrong modular alert description
  - Removed legacy scripted alert action
  - Merged pull request for better quotation in incident posture
  - Improved alert filter populating search
  - Fixed a bug where not all built-in users were shown in the incident edit modal
  - Fixed incident posture to refresh single values automatically
- **v2.0.1** / 2016-01-20
  - Fixed localization support
  - Changed alert column in incident settings to read-only
  - Fixed a bug where token syntax in notifications didn't work
  - Fixed notifications to support multi-valued fields or a comma-separated list of recipients
- **v2.0** / 2015-11-18
  - Changed from scripted alert action to the Custom Alert Action framework
  - Added a customizable incident title
  - Added support for extended notification schemes
  - Added support for incident suppression (false positives, maintenance windows...)
  - Added migration script to ingest default data (email templates and notification schemes) as well as migrating old incident settings to Custom Alert Action parameters
  - Added new Splunk