Actions are executed as the result of a correlation rule being evaluated, and you can access them using the right-click menu on the alert console and execute them directly against the selected alert. Click the Actions tab to create actions that you can use to automatically address various conditions detected by the system. Using this tab and its graphical rule builder, you name, describe, and configure actions. You can also create action groups to which you add actions to create a batch of actions that can be run at one time.
To create an action:
Click the Actions tab.
Complete the steps illustrated below:
In step 4 above, action types include:
Add entity alias - Adds an entity alias
Assign Alert - Assigns the alert to the specified user or user group
Assign to Next - Used with an escalation call order and an SLA to manage escalations.
AWS Simple Notification Service - Allows users to send SMS messages to mobile phones; currently, due to AWS constraints, this is limited to US mobile numbers only.
Create Event - Generates an internal ECM event using the System connector.
Create Incident - Creates a ServiceNow® incident using the specified parameters
Create Maintenance Window - Creates a maintenance window of the specified length in hours. You can define a maintenance window for an alert's entity or for the entity group of the alert's entity. The maintenance window duration is derived from the alert's maintenance_period event token. If the event token is not present, the default duration is used.
Delete Entity - Deletes an entity. Executable from rules.
External Script - Runs the specified external script with the specified parameters
Merge Alerts - Merges alerts as part of a Correlation or SLA rule. This action can execute on one or more alerts. Note, however, that the Lead Alert criteria should match one and only one alert because an alert cannot be mapped to more than one alert.
Move to Alert Group - Moves qualifying alerts to a new or existing alert group.
Open URL - Opens the specified web address that you can build using parameters
Send Email - Sends an email to the specified recipient.
Send HTTP Request - Sends an HTTP GET request to a web server identified by the URL. The URL can be dynamically computed from a template that contains alert fields and static text, or extracted directly from a custom alert field of type URL or from an alert variable.
Update Alert Custom Field - Clears or updates the value of an alert’s custom field after it has been set during the categorization process
Update Description - Updates the informational message
Update Entity Custom Field - Clears or updates the value of an entity's custom field
Update Incident - Updates one or more fields of the Custom Incident Connector, Salesforce or ServiceNow® incident linked to an alert. The new values can be static fields or dynamic fields using the different alert fields.
Update Priority - Updates the priority to the chosen value
Update SCOM 2012-2016 Alert - Updates the Owner, Ticket ID and Resolution State fields of an SCOM 2012 alert
Update Severity - Updates the severity to the chosen value
Zenoss Annotate Event - Annotates a Zenoss event with explanatory text.
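For the Send HTTP Request action type listed above, the following is a pre-deployment check of a URL template against constructed alert values (an added example, not RightITnow code). The `[alert.field]` token form is assumed from the `group_[alert.severity]` example on this page. The field names, hosts, values and allowlist are hypothetical, and the page does not state whether ECM percent-encodes substituted values.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Token form assumed from this page's group_[alert.severity] example.
TOKEN = re.compile(r"\[(\w+\.\w+)\]")

def expand(template, fields, encode):
    """Substitute [name] tokens; percent-encode each value when encode=True."""
    def sub(match):
        value = str(fields[match.group(1)])
        return quote(value, safe="") if encode else value
    return TOKEN.sub(sub, template)

def check_url_template(template, fields, allowed_hosts):
    """Return (encoded_url, problems) for a template and constructed alert values."""
    problems = []
    # Scheme and host must be static text, otherwise alert data picks the destination.
    start = template.find("://") + 3
    end = template.find("/", start)
    authority = template[:end] if end != -1 else template
    if TOKEN.search(authority):
        problems.append("token in scheme or host")
    url = expand(template, fields, encode=True)
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        problems.append("scheme is not http(s)")
    if parts.hostname not in allowed_hosts:
        problems.append("host not in allowlist: %s" % parts.hostname)
    # Inserted verbatim, a value containing & or = adds query parameters of its own.
    raw_query = urlsplit(expand(template, fields, encode=False)).query
    if len(parse_qsl(raw_query)) != len(parse_qsl(parts.query)):
        problems.append("value would add query parameters if inserted unencoded")
    return url, problems

# Constructed sample data: hypothetical field names, hosts and values.
SAMPLE_ALERT = {
    "alert.id": "4711",
    "alert.description": "disk full&state=closed",
    "alert.entity": "files01.example.net",
}
ALLOWED = {"tickets.example.com"}

if __name__ == "__main__":
    for tpl in ("https://tickets.example.com/hook?id=[alert.id]&msg=[alert.description]",
                "https://[alert.entity]/hook?id=[alert.id]"):
        print(check_url_template(tpl, SAMPLE_ALERT, ALLOWED))
```

Alert fields that originate in received events are external input, so a template that keeps the scheme and host as static text and places tokens only in the path or query keeps the request destination fixed.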
This action updates the severity to the chosen value. Values include:
Critical
Major
Minor
Warning
Informational
Clear
Increase Severity - Increases severity one degree
Decrease Severity - Decreases severity one degree
Default Severity - Sets the severity to the default value
Trigger Alert Severity
You can update the priority by selecting from a list or by populating it from an external application.
From a list:
From an external application:
You can clear or update the value of an alert’s custom field after it has been set during the categorization process. You can even extract data from the custom field to update it, or update it using an external application. When updating an alert's custom alert list field that has dependent custom fields, ECM clears all the dependent custom field values.
Also, if an action that updates a custom field with value "A" is fired against an alert that already has value "A" on that custom field, then ECM will not update the alert, which means there will be no update in the database and no workflow triggered.
To update an alert's custom field:
If you select Use an External Application, then configuring the external application is very similar to the process shown in Running an External Script.
If you select Update Field, then configure the action as illustrated below, and then click Save:
You can clear or update the value of an entity's custom field. You can even extract data from the custom field to update it, or update it using an external application. This process is very similar to the process of updating an alert's custom field. See Updating Alert's Custom Field.
To configure the external script:
Creates a ServiceNow® incident using the specified parameters.
To configure this action:
If you select Constant Value in step 4 above, then you can add the constant value, including connector tokens, as shown below:
If you select the Edit incident field values when executing in the Alerts Console option, then when a user executes the action in the Alerts Console, a window appears with the current values, allowing the user to change them before triggering the alert. See Inserting Incidents for how that works in the Alerts Console.
The Update Incident value updates JIRA, ServiceNow®, Salesforce and External Incident Connector incidents. Note that the action can append values rather than overwrite values when making updates:
If you select Constant Value for the Value Source, then you can add a constant value as described in the section Creating an Incident.
This action sends an email to the specified recipient. You can create multiple email actions that act as email templates designed for different occurrences. The Send Email action supports CSS declarations, and you can use logged-in user, event, entity, and connector variables to add dynamic values to the To, From, and Body fields.
Note: You need to configure a mail connector to enable the Send Email action to send emails.
To configure the Send Email action:
Note that connector-specific event variables in filters only work for actions carried out on arriving events (not on existing alerts).
Configure the email fields, and then click Save:
Select Do not send email to logged in user to not send an email to the user triggering the action.
Select Process the list of alerts in batch (send one email) to send just one email encompassing all the qualifying alerts.
To include CSS styles in the email template, use double braces {{}} to escape the braces enclosing the CSS style declarations.
Enable Use system default mail editor (e.g. Outlook or Mail) to invoke your default email editor when sending an email.
The action is a simple queue service with multiple destinations. A topic defines a new queue and endpoints can be added to that queue as subscribers. The endpoint does not have to use the SMS protocol, but for the purposes of this action, only valid SMS endpoints are allowed. The RightITnow ECM action name directly maps to an AWS SNS topic and the RightITnow ECM telephone numbers map to AWS subscribers. AWS SNS truncates messages to 150 characters to fit into single texts.
This action moves qualifying alerts to a new or existing alert group. See Grouping Alerts for more about alert groups. You can configure the Move To Alert Group action in two ways:
Static Based Creation/Moving of Groups
In the action definition, you choose from a list of all existing alert groups into which an incoming alert can move. If an alert group does not exist, you can enter a name for the new alert group:
Alert Token Based Creation/Moving of Groups
You can specify an alert field to be the name of the group to which the incoming alert should belong. For example in the action configuration tab you can specify that the alert group should be called:
group_[alert.severity]
This might create the following groups: group_critical; group_major.
Use the Assign to Next action type with escalation call orders and SLAs to automatically handle escalations.
The process is as follows:
RightITnow ECM includes actions for use with the following external third-party systems:
To enable the SCOM actions, refer to the SCOM Connector for RightITnow Guide available from your RightITnow representative.
SCOM actions include:
Add a comment to an alert: This adds a new comment to the SCOM alert's history.
Close an alert: Sets a SCOM alert's status to Closed.
Update the ticket ID of an alert: Adds the specified ticket ID to the SCOM alert (this is a free text field in SCOM).
Update the owner of an alert: Adds the specified owner to the SCOM alert (this also is a free text field in SCOM).
Acknowledge in SolarWinds: This is a predefined read-only action in RightITnow that acknowledges all the SolarWinds alerts and events underlying a RightITnow alert.
Unmanage Node or Interface: This is a predefined read-only action in RightITnow that configures SolarWinds to stop polling all the SolarWinds nodes and interfaces underlying a RightITnow alert. If not cancelled by the action Remanage Node or Interface, unmanage remains in effect for a maximum of 1 month, and then SolarWinds will start polling the data again.
Remanage Node or Interface: This is a predefined read-only action in RightITnow that configures SolarWinds to start polling all the SolarWinds nodes and interfaces underlying a RightITnow alert.
Show Alert Details in SolarWinds: This is a predefined read-only action in RightITnow only available in the alert context menu. It opens the details of the RightITnow alert's entity in SolarWinds.
RightITnow ECM includes the following built-in VMware actions:
You can use these actions:
With correlations
Called from the context menu
In the VMware Browser
You can create an action group that consists of a group of actions that execute in a batch. For example, you could create an action group that closes an alert and sends an email that the alert is closed.
To create an action group:
Click the Actions tab.
Complete the steps illustrated below:
The Actions tab includes information about where ECM uses actions and action groups.
To view where ECM uses actions and action groups: