An ALERT is a notification that's triggered when a CONNECTION RULE is met. An alert's action can be an email or an HTTP request.

Syntax

ALTER ALERT name ACTION [EMAIL TO 'email@host.com' SUBJECT 'the subject' CONTENT 'the email content' |
HTTP (GET | POST | PUT | DELETE) 'http://address.com/path' (CONTENT 'http post or put body' WITH TYPE 'http content-type')] (AND alert_action)

Arguments

  • ALTER ALERT name - alter an existing alert defined by name.

  • ACTION alert action - what will happen when the alert is triggered.

  • EMAIL TO - equivalent to mailto.

  • SUBJECT - equivalent to &subject.

  • HTTP - HTTP commands required for connection to remote host (such as Slack)

  • CONTENT - any alphanumeric text. You can also include the following Cirro keywords:

      • the user account name used to trigger the originating access rule.
      • the target database the username is attempting to access.
      • source IP address that triggered the originating access rule.

Examples

ALTER ALERT slack_alert ACTION HTTP POST 'https://hooks.slack.com/services/XXXXXXXXX/YYYYYYYYY/ZZZZZZZZZZZZZZZZ' CONTENT '{"text": "CIRRO ALERT:  tried to access."}'
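
An added example (not Cirro's own code): a Python helper that assembles the HTTP form of the statement from the syntax above and serialises the body with json.dumps, so the CONTENT literal is always well-formed JSON. The function names, the https-only check, the doubled-single-quote escaping and the placeholder URL are assumptions of this example.

```python
import json
from urllib.parse import urlsplit


def sql_literal(value: str) -> str:
    # Assumption: a single quote inside a literal is escaped by doubling it,
    # as in standard SQL. Confirm against your Cirro version.
    return "'" + value.replace("'", "''") + "'"


def http_alert_statement(name: str, method: str, url: str, payload: dict) -> str:
    """Build ALTER ALERT <name> ACTION HTTP ... CONTENT ... WITH TYPE ..."""
    # The alert name is an identifier, not a quoted literal: keep it strict.
    if not name.replace("_", "").isalnum():
        raise ValueError("alert name must be letters, digits and underscores")
    method = method.upper()
    # The syntax describes CONTENT as an HTTP POST or PUT body.
    if method not in ("POST", "PUT"):
        raise ValueError("CONTENT only applies to POST or PUT")
    # Policy choice of this example: the body can carry account names and
    # source IPs, and a webhook URL is itself a secret, so require TLS.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook URL must be an absolute https:// URL")
    body = json.dumps(payload)  # balanced quotes and braces by construction
    return (
        f"ALTER ALERT {name} ACTION HTTP {method} {sql_literal(url)} "
        f"CONTENT {sql_literal(body)} WITH TYPE 'application/json'"
    )


if __name__ == "__main__":
    # Constructed sample values; replace the URL with your own webhook.
    print(http_alert_statement(
        "slack_alert",
        "POST",
        "https://hooks.example.invalid/services/PLACEHOLDER",
        {"text": "CIRRO ALERT: connection rule triggered"},
    ))
```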
