As alerts generate, you can view more information about them, acknowledge them, and take action to resolve them.

Alert process flow

Actions are taken on alerts according to this process flow.

  • Match the alert management rule to an alert.
    • If the source of the event matches the source specified in an existing rule, then a rule is matched. You can define any kind of condition, on the source of the alert or any other field, and combination of fields.
    • If multiple alert management rules are defined for the same type of alert, use the rule Order to determine the order of rule application.
  • Match the alert correlation rule to an alert.
Figure 1. Alert process flow
Event Management process flow

Task/Incident fields that are populated from the alert by default

  • alert.description is copied to incident.short_description and incident.description
  • alert.cmdb_ci is copied to incident.cmdb_ci
  • alert.severity is transformed into incident.urgency

For automatically opened incidents:

  • Alert value is copied to incident.contact_type
  • sys_user value is copied to incident.caller_id

Business Rules/Jobs that perform the alert processing actions

ActionName of Business Rule/JobType
Apply alert template Apply overwrite rule and validate Business rule
Open incident Event Management - create/resolved incidents by alerts Scheduled job
Fill KB Event Management - create/resolved incidents by alerts Scheduled job
Acknowledge Event Management - create/resolved incidents by alerts Scheduled job
Remediation Run automatic remediation actions Business rule
Reopen incident Reopen associated closed incident Business rule
Close Alert by closed incident Event Management - create/resolved incidents by alerts Scheduled job
Close incident by closed Alert Close associated incident Business rule