# What are Alerts?

Alerts are a configurable action in Aiceberg that automatically sends security findings to your connected SIEM when specific signals are detected. This enables real-time threat intelligence and seamless integration with your existing security operations workflows.

## When Alerts are Sent

When you have a SIEM integration configured, Aiceberg will automatically send alerts to your SIEM for any signal where "Alert" is configured in the Profile. Learn more about configuring Profile actions in [How are Profiles Configured](/inventory/what-is-the-inventory/what-are-profiles/how-are-profiles-configured.md).

## Alert Structure

Alerts are sent as "security findings" events and include the following information.

### Core Event Data

* `activity_id`: Unique identifier for the activity (set to 1)
* `metadata.product`: Source platform (set to "Aiceberg")
* `severity_id`: Severity level (currently defaults to 4; future versions may allow per-signal severity customization)
* `state_id`: Action state—1 for monitored events, 4 for blocked events
* `type_uid`: Event type identifier—200101 for monitored events, 200103 for blocked events

### Finding Object

* `title`: "AI Interaction Flagged"
* `uid`: The prompt or event ID
* `description`: JSON object containing:
  * `signal_type`: The type of signal that triggered the alert
  * `profile_id`: The Profile identifier
  * `profile_name`: The Profile name
  * `api_key_name`: The API key used for the interaction
  * `user_id`: The user identifier
* `src_url`: Direct link to the AI interaction details in Aiceberg

### Additional Context

Alerts may also include:

* Use case ID
* Session ID
* Actions taken (blocked or modified)
* Mode (API or Cannon)
* Timestamp of the event
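The following is an added example, not code from Aiceberg, showing how a SIEM-side ingest step could validate an alert against the fields documented above and flatten it for correlation. It assumes the finding object is nested under a `finding` key, that `metadata.product` is a nested string, and that `description` may arrive as a JSON-encoded string; all sample values are constructed.

```python
import json

# Documented pairs: state_id 1 with type_uid 200101 (monitored),
# state_id 4 with type_uid 200103 (blocked).
OUTCOMES = {(1, 200101): "monitored", (4, 200103): "blocked"}
DESC_KEYS = ("signal_type", "profile_id", "profile_name", "api_key_name", "user_id")

def normalize_alert(raw):
    """Return (record, problems) for one alert; problems is empty if well-formed."""
    event, problems = json.loads(raw), []
    if event.get("metadata", {}).get("product") != "Aiceberg":
        problems.append("unexpected metadata.product")
    pair = (event.get("state_id"), event.get("type_uid"))
    outcome = OUTCOMES.get(pair)
    if outcome is None:
        problems.append(f"inconsistent state_id/type_uid: {pair}")
    finding = event.get("finding", {})  # assumed key for the finding object
    desc = finding.get("description", {})
    if isinstance(desc, str):  # assumed: description may be a JSON-encoded string
        try:
            desc = json.loads(desc)
        except json.JSONDecodeError:
            desc = None
    if not isinstance(desc, dict):
        problems.append("description is not a JSON object")
        desc = {}
    missing = [k for k in DESC_KEYS if k not in desc]
    if missing:
        problems.append("description missing: " + ", ".join(missing))
    record = {"outcome": outcome, "severity_id": event.get("severity_id"),
              "uid": finding.get("uid"), "src_url": finding.get("src_url")}
    record.update({k: desc.get(k) for k in DESC_KEYS})
    return record, problems

# Constructed sample alerts (illustrative values, not captured from Aiceberg).
SAMPLE_DESC = {"signal_type": "example_signal", "profile_id": "profile-001",
               "profile_name": "Example Profile", "api_key_name": "example-key",
               "user_id": "user-42"}
BLOCKED = json.dumps({
    "activity_id": 1, "metadata": {"product": "Aiceberg"}, "severity_id": 4,
    "state_id": 4, "type_uid": 200103,
    "finding": {"title": "AI Interaction Flagged", "uid": "event-123",
                "description": json.dumps(SAMPLE_DESC),
                "src_url": "https://aiceberg.example/interactions/event-123"}})
# Same alert with a monitored state_id but a blocked type_uid: must be flagged.
MISMATCHED = json.dumps({**json.loads(BLOCKED), "state_id": 1})

if __name__ == "__main__":
    for raw in (BLOCKED, MISMATCHED):
        print(normalize_alert(raw))
```

Routing events with a non-empty `problems` list to a separate queue keeps malformed or inconsistent alerts from being silently counted as either monitored or blocked.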

{% hint style="info" %}
Alert Direction: Alerts flow one-way from Aiceberg to your SIEM. Your SIEM cannot write back to Aiceberg or trigger actions within the platform.
{% endhint %}

Read more about Integrations [here](/tools/what-are-integrations.md).


