Alert Groups

Overview

An Alert Group is a container for Indicators (ie PromQL queries) and Alert Rules which evaluate these queries. Alerts that are generated by Alert Rules, send notification on the Channels that are configured within the Alert Group.

Creating an Alert Group

info

The following steps are to create an Alert Group using the UI. To use a gitops workflow, see Declarative Alerting via IaC. Alert Groups created via IaC have the option to disable any edits from the UI to avoid configuration conflicts.

Navigate to Home → Alert Studio → Alert Groups and click on Add New
Assign a descriptive name to the Alert Group and Select the data source from which you like to query metrics and click Create.

Ensure that you select the correct Data Source (Last9 Cluster) from which you like to query the metrics from or else the Alert Rules will not evaluate. Pro Tip - You can also use Last9’s Health Cluster as a data source to setup alerting to watch your Cluster’s health .. after all quis custodiet ipsos custodes?
Click on the Alert Group to navigate to your newly created Alert Group

If this is your first Alert Group, next you would need to create the first Indicators followed by creating an Alert Rule.

Deleting an Alert Group

Deleting an Alert Group deletes all the Alert Rules, Indicators and all the generated Alerts. To delete an Alert Group:

Navigate to Home → Alert Studio → Alert Groups
Click the … button besides the Alert Group you wish to delete and select Delete

Features

Labels

Labels are are named pairs (key:value pairs) that add additional information and context to Alert Groups.

To add labels to an Alert Group:

Click Edit in to update Alert Group meta fields
In the Labels card, click Add Labels to add a new label

Labels must have a unique key (ie a name). Label value can contain alphanumeric text.
Click Done to exit edit mode

To edit or delete labels from an Alert Group:

Click Edit in to update Alert Group meta fields
In the Labels card, hover on the label you wish to edit or delete. Click on the appropriate button to edit or delete the label
Click Done to exit edit mode

Links

Alert Group links allow you to add links to external resource used by your team. These can be very helpful for your team to quickly navigate to resources like CloudWatch, runbooks or repos, etc. Links are named URLs which can have any custom with several suggested links.

To add links to Alert Groups:

Click Edit in to update Alert Group meta fields
In the Links card, add a link to a suggested field or add your own custom name for the link
Click Done to exit edit mode

To edit or remove links from an Alert Group:

Click Edit in to update Alert Group meta fields
In the Links card, hover on the link you wish to edit or delete. Click on the appropriate button to edit or delete the link
Click Done to exit edit mode

Alert Group Settings

Channels

Notifications from Last9 are sent on Notifications Channels. Ensure that you have at least one Notification Channel configured, before trying to add an Channels to an Alert Group

To add a notification channel:

Navigate to Home → Alert Studio → Alert Groups → Select an Alert Group

Press the ⚙️ icon on the top right to view Alert Group settings.
Under the Channels tab you can assign channels as per Alerts severity level, ie you can set different (or same) channels for Threat and Breach severity alerts

Slack integration also allows you to append additional @mentions to tag a person or group
The configured Alert Channel will now start receiving alerts

Troubleshooting

Please get in touch with us on Discord or Email if you have any questions.

Overview​

Creating an Alert Group​

Deleting an Alert Group​

Features​

Labels​

Tags​

Links​

Alert Group Settings​

Channels​

Troubleshooting​