Splunk_Deploiement/apps/trackme/default/alert_actions.conf


# alert_actions.conf
# Custom alert action that runs the TrackMe Smart Status for the entity in the triggering result.
[trackme_smart_status]
python.version = python3
description = Run the TrackMe Smart Status
label = Trackme Smart Status
# is_custom = 1 registers the stanza with Splunk's custom alert action framework;
# payload_format selects JSON for the payload handed to the action script.
is_custom = 1
payload_format = json
icon_path = alert_trackme.png
# The params below default to $result.<field>$ tokens, so their values come from the
# triggering search's result row rather than from a fixed setting. Note that
# object_name is filled from the field "object", not "object_name".
# NOTE(review): the handler script is not part of this file; it should treat these
# values as data-derived input and validate them before use.
param.tenant_id = $result.tenant_id$
param.object_category = $result.object_category$
param.object_name = $result.object$
# Custom alert action that automatically acknowledges the entity that triggered the alert.
[trackme_auto_ack]
python.version = python3
description = Perform an automatic acknowledgement of an entity triggering
label = TrackMe auto acknowledge
is_custom = 1
payload_format = json
icon_path = alert_trackme.png
# Default acknowledgement period; presumably seconds (86400 = 24 h), TODO confirm.
# NOTE(review): an acknowledgement presumably quiets further alerting on the entity
# for this period, so the default should match how quickly alerts are actually triaged.
param.ack_period = 86400
# Default acknowledgement type; the [trackme_stateful_alert] stanza in this file
# defaults its own auto-ack to "sticky" instead.
param.ack_type = unsticky
# Custom alert action that issues a REST call to a TrackMe REST API endpoint.
[trackme_free_style_rest_call]
python.version = python3
description = Performs a rest call to any TrackMe REST API endpoint
label = TrackMe free style rest call
is_custom = 1
payload_format = json
icon_path = alert_trackme.png
# Only the HTTP verb has a default here (get); the target endpoint and any request
# body are not given defaults in this stanza.
# NOTE(review): per the description the action may target any TrackMe endpoint, so
# its reach depends on who may attach it to a saved search and on the identity the
# handler uses for the call. Neither is visible in this file; confirm both are
# restricted to the roles that need them.
param.http_mode = get
# Custom alert action that generates a TrackMe notable event.
[trackme_notable]
python.version = python3
description = Generates a TrackMe notable event
label = TrackMe notable event
is_custom = 1
payload_format = json
icon_path = alert_trackme.png
# $name$ is the Splunk token for the triggering saved search's name, so the notable
# title defaults to the alert name.
param.title = $name$
# Empty by default.
# NOTE(review): presumably the base URI for drilldown links in the generated event;
# when set, it should point at a trusted Splunk host. Verify against the handler.
param.drilldown_root_uri =
# Relative time modifier used as the default drilldown earliest time (last 24 hours).
param.drilldown_earliest = -24h
# Custom alert action that creates a TrackMe Stateful Alert, with defaults for
# delivery, email, charts, per-state commands and automatic acknowledgement.
[trackme_stateful_alert]
icon_path = alert_trackme.png
python.version = python3
is_custom = 1
payload_format = json
label = TrackMe stateful alert
description = Create a TrackMe Stateful Alert
# Default delivery target; the value name suggests both email delivery and ingestion
# of the alert as events. TODO confirm against the handler.
param.delivery_target = emails_and_ingest
param.environment_name = Splunk
# Email account and recipients are empty by default, so no destination is implied
# by this file; they have to be supplied where the action is configured.
# NOTE(review): alert content leaves Splunk by email; keep recipient lists reviewed.
param.email_account =
param.email_recipients =
param.email_send_update_if_ack_active = 1
# presumably 0 means the "orange" state is not treated as alerting; verify.
param.orange_as_alerting_state = 0
param.generate_charts = 1
param.theme_charts = dark
param.drilldown_root_uri =
# Per-state command hooks, all empty by default.
# NOTE(review): the names suggest commands run when an alert is opened, updated or
# closed. The handler is not shown here; if these accept free-form commands, editing
# alerts that use this action should be limited to trusted roles.
param.commands_mode = streaming
param.commands_opened =
param.commands_updated =
param.commands_closed =
# Automatic acknowledgement is enabled by default. The period is presumably in
# seconds (86400 = 24 h), TODO confirm. The type defaults to "sticky", unlike the
# "unsticky" default in [trackme_auto_ack].
param.auto_ack_enabled = 1
param.auto_ack_period = 86400
param.auto_ack_type = sticky