Managing alerts

Rumble can trigger automatic alerts when certain events occur through a combination of Channels and Rules.

Rumble currently supports Internal, Email, and Webhook channel types.

Internal channels store events within the Alerts list within the Rumble Console. Internal alerts support explicit acknowledgement. Internal channels can be bulk acknowledged and cleared from within the Rumble Console.

Email channels can be configured to deliver mail to one or more recipients. These email messages contain a summary of the alert and a link to the specifics within the Rumble Console. Email is sent from the Rumble infrastructure using the Sendgrid service.

Webhook channels allow Rumble to post alerts to internet-reachable web services. The post request contains a standard text message for use with platforms like Slack and Mattermost, but also additional fields containing the full alert details. Webhooks are a great way to tie Rumble alerts into third-party platforms.

To trigger a alert on a channel, a Rule must be created. Rules define which events lead to alert on which channels. The name of the rule will be included in the alert content and should describe the type of event that it monitors.

The following event types can be used to create rules:

  • Scan completed
  • New assets found
  • Assets back online
  • Assets now offline
  • Assets changed

Scan completion and assets changed rules can be noisy but may be useful to keep a running log of network changes over time. For a typical monitoring use case, a rule would be created to trigger on Assets now offline, Assets back online, and New assets found, automatically alerting an email alias or a Slack channel.

Alert rules, when combined with recurring scans, can be a simple way to track network changes over time.