Create or edit an alert rule Select the conditions that an alert must match for the rule to apply, and configure actions that the rule can execute for matching alerts. Before you beginRole required: evt_mgmt_admin About this task You can configure the alert rule to: Use an overwrite alert template to automatically modify alert field values before creating or updating an alert. Use a task template to automatically generate resolution tasks based on alert values, before the alert is created or updated. Automatically generate and link incidents, tasks, or knowledge articles to alerts. Automatically apply a remediation workflow or let users manually run remediation. Note: If more than one alert rule can apply to an alert, if the alert rules resolve the alert with the same action, then only one alert rule is applied, according to order. However, if each of the rules resolves the alert with a different action, then each of these rules apply. For example, if one alert rule creates a KB and another alert rule creates an incident, then both alert rules are applied. Procedure Navigate to Event Management > Rules > Alert Rules. Click New or select an alert rule to edit. Fill in the fields, as appropriate. Table 1. Alert Rule form Field Description Name A name to identify the alert rule. Active A check box to activate the rule. Alert filter The conditions that an alert must meet for the rule to apply. Use the condition builder to construct the rule. Order The priority for rule evaluation. Rules with lower-order values are given priority. An alert is checked against every alert rule until a match is found. Action tab Auto acknowledge A check box to enable automatic acknowledgment of the alert. An acknowledged alert indicates that a user is aware of the issue. If this check box is cleared, users must manually acknowledge the alert. Overwrite alert template The template that is used to overwrite alert values before additional resolution updates occur. Knowledge article A link to the knowledge base article that contains additional information to help resolve the alert. Auto open A check box to automatically open a task, such as an incident, change, or problem. Type The type of task to create and attach to the alert. For example, if Problem is selected, a problem task is generated with information from the alert. Task template The template that assigns actions to the task Type. For example, a task template can assign a person or group to address a Problem task. When a Type is selected, the template applies regardless of the Auto open setting in the alert rule. For example, the template can apply to manual or auto-generated tasks as long as an alert rule applies to the alert. Remediation tab Enable remediation The check box to enable remediation with an Orchestration workflow. Execution Whether the workflow selected in the Orchestration workflow field is automatically invoked or users can invoke it manually. Orchestration workflow If the Enable remediation check box is selected, the remediation workflow runs. Click Submit or Update.