How to create a DTS Alert

CYBERQUEST alerting is highly customizable per user. Alerts can be defined to respond to specific events, improving accuracy and reducing false positives. Data Transformation Service (DTS) parses data and generates real‑time alerts.

Follow these steps to create a new DTS alert:

Authentication

To access the web interface, open a web browser and type the application's address or DNS name. The default address initially assigned to the web interface is: https://CyberquestIPAddress (example).

The browser automatically redirects to CYBERQUEST's authentication page.

From Settings, select Alerts > Realtime. The Realtime alerts page opens.

Create new alert definition

On the Alerts page, click CREATE ALERT to create a new DTS alert.

The definition form opens.

Alert definition form

Alert Name: Name of the new alert.

Alert Active: Select ALERT ACTIVE to enable; clear to disable.

Sent as Alert: When cleared, the alert remains active but produces no user‑visible notification. Use this setting to correlate anomalies across events, triggers, and alerts.

Has Action: Enable to associate a script that is executed when the alert triggers. Click Actions Parameters to open the Script Editor and define the action.

Example: forward alert payload to an HTTP API

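    // Request headers: send and accept JSON.
    var httpParameters = {
        headers: {
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    };

    // Serialize the triggering event as JSON.
    let requestContent = Event.getAsJSON(Event);
    // Destination API (plain HTTP on the loopback address in this example).
    let requestUrl = "http://127.0.0.1/myapi";
    // POST the event to the API; the result is kept in `output`.
    var output = CQ.Communications.HttpRequest.post(requestUrl, requestContent, httpParameters);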

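The script serializes the triggering event as JSON and forwards it in an HTTP POST request to the API at requestUrl. The example URL is plain HTTP on the loopback address, so the payload would travel unencrypted if the same pattern were pointed at a remote host.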
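The following added example (not CYBERQUEST code and not part of the original page) shows checks the receiving API can apply before it accepts a forwarded alert: method, a shared token, content type, size, and JSON shape. The `x-alert-token` header (which the sending script would have to add to `httpParameters.headers`), the size cap, and the event field names are assumptions.

```javascript
// Added example: receiver-side checks for the alert POST shown above.
// The token header, the size cap and the event field names are assumptions.
const MAX_BODY_BYTES = 64 * 1024;            // assumed cap for one alert payload
const ALERT_TOKEN_HEADER = "x-alert-token";  // hypothetical header set by the sender

// Compare two strings without exiting early on the first differing byte.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Decide how to answer one request. `headers` uses lower-cased names (as Node's
// http module provides them); `body` is a Buffer or string.
// Returns { status, error } on rejection or { status: 200, event } on success.
function checkAlertRequest(method, headers, body, expectedToken) {
  if (method !== "POST") return { status: 405, error: "method not allowed" };
  const token = headers[ALERT_TOKEN_HEADER];
  if (!expectedToken || !token || !constantTimeEqual(token, expectedToken))
    return { status: 401, error: "bad or missing token" };
  const type = String(headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (type !== "application/json")
    return { status: 415, error: "expected application/json" };
  if (Buffer.byteLength(body) > MAX_BODY_BYTES)
    return { status: 413, error: "payload too large" };
  let event;
  try { event = JSON.parse(body.toString()); }
  catch (e) { return { status: 400, error: "invalid JSON" }; }
  if (event === null || typeof event !== "object" || Array.isArray(event))
    return { status: 400, error: "expected a JSON object" };
  return { status: 200, event };
}

// Constructed sample request; the field names are illustrative only.
const sampleHeaders = { "content-type": "application/json", "x-alert-token": "s3cret-demo" };
const sampleBody = JSON.stringify({ AlertName: "demo alert", EventID: 4625 });
console.log(checkAlertRequest("POST", sampleHeaders, sampleBody, "s3cret-demo").status);
console.log(checkAlertRequest("POST", { "content-type": "application/json" },
                              sampleBody, "s3cret-demo").status);
```

In a real receiver, call `checkAlertRequest` from the HTTP handler after reading the body, and stop reading once more than `MAX_BODY_BYTES` has arrived.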

Notification Template: Select a built‑in or custom template. Default is "Default notification".

Rule Settings defines rule logic using field, report, and correlation conditions joined by AND, OR, and NOT.

Each rule has:

Description: Text describing the rule.

Add field condition: In Select Field, choose an event field; select a value operator; enter the value.

Add report condition: Select a report from existing reports.

Delete: Removes the condition.

When a rule condition is added, a logical operator is automatically added for correlation to the previous condition. The default operator is AND; toggle to OR as needed. Enable NOT to negate a condition when required.

Click Save to create the alert.