Comment on page
Salem configuration files control how Salem will process and analyze alerts. Configuration entities ("configs") include instructions for alert parsing, context extraction, incident reporting, and other key Salem functions.
Action Definitions are high-level action classes that are referenced by Action and Reporting actions. These Definitions describe how Salem connects to third-party systems for context and reporting actions. Many ActionConfs may reference a single ActionDefinition for connection/authentication to external systems.
Parsing Conf defines how Salem will process and extract information from new alerts. Parsing can be defined on default (all alerts), source, and alert scopes, allowing fine control over the parsing of alerts using different data structures.