Configuration Home

Salem configuration files control how Salem will process and analyze alerts. Configuration entities ("configs") include instructions for alert parsing, context extraction, incident reporting, and other key Salem functions.

ActionConfs are low-level action classes that dictate how information retrieved from external systems is applied, or that adjust requests to user specification.

Action Definitions are high-level action classes that are referenced by Action and Reporting actions. These Definitions describe how Salem connects to third-party systems for context and reporting actions. Many ActionConfs may reference a single ActionDefinition for connection/authentication to external systems.

Parsing Conf defines how Salem will process and extract information from new alerts. Parsing can be defined at the default (all alerts), source, and alert scopes, giving fine control over how alerts with different data structures are parsed.

Report Conf controls how Salem sends notifications regarding alert analysis. Salem is pre-configured to send incident notifications to chat. Notifications can also be sent to third-party systems.
