Create New Incident Policy Rule

Create a new incident policy rule.
Select
Incidents & Alerts
Settings
.
Select an incident policy set and click
+ Add Rule
.
Enter a name for the new incident policy rule with a
(optional)
description and
(optional)
tags.
Specify the order for the execution of the rule.
If an order number is not specified, the rule won't be executed.
To disable the rule, select the check box.
Click
Next
to set the matching criteria.
Configure the
Match Criteria
.
Select a
Resource Type
from the available options and click
Done
.
The incident policy rule is applied to all incident codes that are associated with the selected resources.
(Optional)
Select
Resource Type
from the drop-down and click
Submit
.
Filter the resources by the resource ID or name. When no resources are selected, the rule applies to all the resources associated with the selected resource type.
(Optional)
Select
Specific Resources
from the drop-down that are related to the
Resource Type
selected.
(Optional)
Select
Sub-Type
from the drop-down.
These sub-types are related to the selected
Resource Type
.
(Optional)
Select
Incident Codes
and click
Done
.
Filter incident codes based on Category. The following categories are available to filter incidents: Application, AAA (Auth), Device, Network, Policy, and Spoke HA Groups.
Click
Next
to configure a schedule.
Configure a
Schedule
.
Select
Yes
or
No
to apply this rule using a schedule.
Set the
Start Date
and
End Date
in the format, MM/DD/YYYY HH/mm.
Click
Next
to configure the actions.
Configure
Actions
.
Select
Yes
to suppress the rule or
No
to unsuppress the rule.
Default option leads to the default behavior of the system generated incident.
Select the priority for the rule from the range,
Priority 1 (P1)
, through
Priority 5 (P5)
from the drop-down.
The priority of the incident can be changed to align with your business requirements. For example, a P2 incident can be raised in priority to P1 in order to notify about the incident.
Configure dampening parameters for event suppression.
Select
Yes
to suppress the rule or
No
to unsuppress the rule under
Suppress
.
The
Default
option leads to the default behavior of the system generated incident.
Enter a
Duration
and
Unit
for the dampening interval.
This can range from 5 minutes to 7 days.
A
Yes
for
Suppress
ensures that the incident is suppressed till the end of the dampening interval. The incident will be unsuppressed after the dampening interval is over, if the incident has not cleared at the end of the dampening interval.
The dampening interval applies only to incidents and not to alerts.
Configure the
Escalation Rules
.
Configure the
Standing Rule
by specifying the
Standing Time Threshold
value in minutes, hours, or days as the unit and specify if a priority change is required, if the incident persists beyond the defined interval.
The
Priority
for the standing rule can be selected from the range,
Priority 1 (P1)
through
Priority 5 (P5)
, from the drop-down.
Configure the
Flap Rule
by specifying the
Flap Rate
in the range (2-512) and the
Flap Duration
value in minutes, hours, or days as the unit.
When the matched resource flaps beyond a rate, within the defined interval, then a new system generated incident,
Flap Rate Exceeded
, is generated that notifies the change.
Click
Save & Exit
.