Create or edit an alert rule

Select the conditions that an alert must match for the rule to apply, and configure actions to be executed by the rule for matching alerts.

Before you begin

To enable remediation, create the workflow to remediate CIs. In the workflow settings, select Remediation Task [em_remediation_task] in the Table field. After you finish configuring the workflow, make sure you publish it.

Role required: evt_mgmt_admin

About this task

You can configure the alert rule to do the following:
  • Use an overwrite alert template to automatically modify alert field values before creating or updating an alert.
  • Use a task template to automatically generate resolution tasks based on alert values, before the alert is created or updated.
  • Automatically generate and link incidents, tasks, or knowledge articles to alerts.
  • Automatically apply a remediation workflow or let users manually run remediation.

Procedure

  1. Navigate to Event Management > Rules > Alert Rules.
  2. Click New or select an alert rule to edit.
  3. Fill in the fields, as appropriate.
    Table 1. Alert Rule form
    Field Description
    Name A name to identify the alert rule.
    Active A check box to activate the rule.
    Alert filter The conditions that an alert must meet for the rule to apply. Use the condition builder to construct the rule.
    Order The priority for rule evaluation. Rules with lower order values are given priority. An alert is checked against every alert rule until a match is found.
    Action tab
    Auto acknowledge A check box to enable automatic acknowledgment of the alert. An acknowledged alert indicates that a user is aware of the issue.

    If this check box is cleared, users must manually acknowledge the alert.

    Overwrite alert template The template that is used to overwrite alert values before additional resolution updates occur.
    Knowledge article A link to the knowledge base article that contains additional information to help resolve the alert.
    Auto open A check box to automatically open a task, such as an incident, change, or problem.
    Type The type of task to create and attach to the alert. For example, if Problem is selected, a problem task is generated with information from the alert.
    Task template The template that assigns actions to the task Type. For example, a task template can assign a person or group to address a Problem task.

    When a Type is selected, the template applies regardless of the Auto open setting in the alert rule. For example, the template can apply to manual or auto-generated tasks as long as an alert rule applies to the alert.

    Remediation tab
    Enable remediation The check box to enable remediation with an Orchestration workflow.
    Execution Whether the workflow selected in the Orchestration workflow field is automatically invoked or can be manually invoked by users.
    Orchestration workflow The remediation workflow to run if the Enable remediation check box is selected.
  4. Click Submit or Update.