AME Release: 3.3

Alert Manager Enterprise 3.3 introduces Observables and Risk Scoring, two powerful new capabilities that bring context and prioritization to your incident management workflow.
Version 3.3 of Alert Manager Enterprise is now available on Splunkbase. This release focuses on enriching events with contextual information and helping teams prioritize effectively.
Observables: Context at Your Fingertips
Observables allow you to attach structured contextual data, such as IP addresses, hostnames, user accounts, or file hashes, directly to your alert events. Instead of switching between tools, analysts can see all relevant artifacts in one place.

Observables are automatically extracted from your alert data and can be enriched with additional lookups. This gives your team immediate access to the context they need to make faster decisions.
Key Benefits
- Automatic extraction: Observables are parsed from event fields without manual configuration
- Custom observable types: Define your own observable categories to match your use cases
- Enrichment support: Extend observables with additional context from external sources
- Drilldown actions: Click on any observable to pivot into deeper investigation
Risk Scoring: Focus on What Matters
With so many alerts competing for attention, knowing which events to prioritize is critical. AME 3.3 introduces a risk scoring framework that assigns a calculated priority to each event based on configurable criteria.

Risk scores are computed using factors such as asset criticality, alert severity, historical patterns, and threat intelligence. Events with higher risk scores surface to the top of your queue, ensuring your team spends time on what truly matters.
How It Works
- Configurable scoring rules: Define weights for different risk factors
- Dynamic recalculation: Scores update as new information arrives
- Visual indicators: See risk levels at a glance in the event list
- Integration with workflows: Trigger automatic actions based on risk thresholds
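To make the two capabilities above concrete, here is an added illustration (not AME's own code or configuration) of observable extraction followed by weighted risk scoring with threshold-driven actions. The regex patterns, factor weights, severity scale, threshold floors, action names and the sample event and lookups are all constructed assumptions for the example.

```python
import re
# Constructed extraction patterns for three observable types the release note names;
# illustrative only, not AME's own extraction rules.
OBSERVABLE_PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
    "user": re.compile(r"\buser=(\S+)"),
}
# Constructed weights for the four factors the release note lists, and a severity scale.
WEIGHTS = {"asset_criticality": 0.35, "severity": 0.30, "history": 0.15, "threat_intel": 0.20}
SEVERITY = {"low": 25, "medium": 50, "high": 75, "critical": 100}
# Threshold floors checked from highest to lowest; the action names are hypothetical.
THRESHOLDS = [(80, "page_oncall"), (50, "open_ticket"), (0, "queue")]

def extract_observables(event):
    """Parse observables from every string field of an event, deduplicated per type."""
    found = {}
    for value in event.values():
        if not isinstance(value, str):
            continue
        for otype, pattern in OBSERVABLE_PATTERNS.items():
            for match in pattern.findall(value):
                found.setdefault(otype, set()).add(match)
    return {otype: sorted(values) for otype, values in found.items()}

def risk_score(event, observables, asset_lookup, intel_lookup):
    """Weighted 0-100 score; lookups are parameters so a refreshed feed recalculates it."""
    ips = observables.get("ip", [])
    factors = {
        "asset_criticality": max((asset_lookup.get(ip, 10) for ip in ips), default=10),
        "severity": SEVERITY.get(event.get("severity", "low"), 25),
        "history": min(100, 20 * event.get("prior_alerts", 0)),  # repeat offenders climb
        "threat_intel": max((intel_lookup.get(ip, 0) for ip in ips), default=0),
    }
    return round(sum(WEIGHTS[name] * value for name, value in factors.items()), 1)

def action_for(score):
    # First threshold the score meets or exceeds wins.
    return next(action for floor, action in THRESHOLDS if score >= floor)

# Constructed sample event and lookups: one crown-jewel host, one known-bad indicator.
SAMPLE_EVENT = {"severity": "high", "prior_alerts": 2,
                "message": "Connection from 203.0.113.5 to 10.0.0.10 user=svc_backup "
                           "hash=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}
ASSETS = {"10.0.0.10": 80}
INTEL = {"203.0.113.5": 90}

if __name__ == "__main__":
    obs = extract_observables(SAMPLE_EVENT)
    print(obs, risk_score(SAMPLE_EVENT, obs, ASSETS, INTEL), action_for(risk_score(SAMPLE_EVENT, obs, ASSETS, INTEL)))
```

Passing the lookups as arguments is what makes the "dynamic recalculation" point visible: rescoring the same event against a refreshed intel or asset lookup changes the score and therefore the action.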
Additional Improvements
- Enhanced event aggregation for reduced alert fatigue
- Improved workflow action capabilities
- Performance optimizations
- Bug fixes and stability improvements
Get Started
Download the latest version from Splunkbase.