The Alert Watchtower • Room 2

Trigger Conditions & Throttling

Trigger conditions define when an alert fires. Common options include: number of results (e.g., "more than 10 results"), number of hosts, number of sources, or a custom condition.

Throttling prevents alert fatigue by suppressing duplicate alerts. You can throttle by time window ("once per 15 minutes") or by field values ("once per host").
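The sketch below is an added example, not part of the original lesson or any product's code. It replays a constructed series of scheduled search runs through a "more than 10 results" trigger and compares the two throttling modes. It assumes a fixed suppression window measured from the last time the alert fired; the function names and sample data are hypothetical.

```python
# Constructed sample: (epoch seconds, host, result count for that scheduled run)
RUNS = [
    (0,    "web01", 14),
    (300,  "web01", 22),
    (300,  "db02",  31),
    (600,  "web01", 4),
    (900,  "web01", 18),
    (1200, "db02",  12),
]

def evaluate(runs, threshold=10, window=900, by_field=True):
    """Return (fired, suppressed) lists of (time, host) tuples.

    by_field=True  -> throttle "once per host" within the window
    by_field=False -> throttle by time window only (one shared window)
    Assumption: the window starts when the alert last fired and is not
    extended by suppressed triggers.
    """
    last_fired = {}                      # throttle key -> time of last fire
    fired, suppressed = [], []
    for ts, host, count in sorted(runs):
        if count <= threshold:           # trigger condition not met
            continue
        key = host if by_field else "*"  # "*" = single global throttle key
        prev = last_fired.get(key)
        if prev is not None and ts - prev < window:
            suppressed.append((ts, host))
        else:
            last_fired[key] = ts
            fired.append((ts, host))
    return fired, suppressed

def hosts_never_alerted(runs, **kwargs):
    """Hosts that met the trigger condition but were always suppressed."""
    fired, suppressed = evaluate(runs, **kwargs)
    return sorted({h for _, h in suppressed} - {h for _, h in fired})

if __name__ == "__main__":
    for mode in (True, False):
        fired, suppressed = evaluate(RUNS, by_field=mode)
        label = "per-host" if mode else "time-only"
        print(label, "fired:", fired, "suppressed:", suppressed)
    print("silenced under time-only:", hosts_never_alerted(RUNS, by_field=False))
```

With time-only throttling, `db02` crosses the threshold twice and never produces an alert because `web01` keeps opening the shared window. Grouping the throttle by host removes that blind spot while still suppressing the duplicate for `web01`.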

Alert actions define what happens when an alert fires: send an email, run a script, log an event to a summary index, or trigger a webhook.

Knowledge Check

To prevent an alert from firing more than once every 10 minutes for the same host, you would configure:
Suppress for minutes, grouped by field: