Create New Incident Policy Rule
Let us learn to create a new incident policy rule.
- Create a new incident policy rule.
  - Select Incidents & Alerts > Settings.
  - Select an incident policy set and click + Add Rule.
  - Enter a name for the new incident policy rule with an (optional) description and (optional) tags.
  - Specify the order for the execution of the rule. If an order number is not specified, the rule won't be executed.
  - To disable the rule, select the check box.
  - Click Next to set the matching criteria.
- Configure the Match Criteria.
  - Select a Resource Type from the available options and click Done. The incident policy rule is applied to all incident codes that are associated with the selected resources.
  - (Optional) Select Resource Type from the drop-down and click Submit. Filter the resources by the resource ID or name. When no resources are selected, the rule applies to all the resources associated with the selected resource type.
  - (Optional) Select Specific Resources from the drop-down that are related to the Resource Type selected.
  - (Optional) Select Sub-Type from the drop-down. These sub-types are related to the selected Resource Type.
  - (Optional) Select Event Codes and click Done. Filter incident codes based on Category. The following categories are available to filter incidents: Application, AAA (Auth), Device, Network, Policy, and Spoke HA Groups.
  - Click Next to configure a schedule.
- Configure a Schedule.
  - Select Yes or No to apply this rule using a schedule.
  - Set the Start Date and End Date in the format, MM/DD/YYYY HH/mm.
  - Click Next to configure the actions.
- Configure Actions.
  - Select Yes to suppress the rule or No to unsuppress the rule. Default option leads to the default behavior of the system generated incident.
  - Select the priority for the rule from the range, Priority 1 (P1) through Priority 5 (P5), from the drop-down. The priority of the incident can be changed to align with your business requirements. For example, a P2 incident can be raised in priority to P1 in order to notify about the incident.
  - Configure dampening parameters for event suppression.
    - Select Yes to suppress the rule or No to unsuppress the rule under Suppress. The Default option leads to the default behavior of the system generated incident.
    - Enter a Duration and Unit for the dampening interval. This can range from 5 minutes to 7 days. A Yes for Suppress ensures that the incident is suppressed till the end of the dampening interval. The incident will be unsuppressed after the dampening interval is over, if the incident has not cleared at the end of the dampening interval. The dampening interval applies only to incidents and not to alerts.
- Configure the Escalation Rules.
  - Configure the Standing Rule by specifying the Standing Time Threshold value in minutes, hours, or days as the unit and specify if a priority change is required, if the incident persists beyond the defined interval. The Priority for the standing rule can be selected from the range, Priority 1 (P1) through Priority 5 (P5), from the drop-down.
  - Configure the Flap Rule by specifying the Flap Rate in the range (2-512) and the Flap Duration value in minutes, hours, or days as the unit. When the matched resource flaps beyond a rate, within the defined interval, then a new system generated incident, Flap Rate Exceeded, is generated that notifies the change.
- Click Save & Exit.
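The following sketch models how the settings above interact, so you can check what a rule would hide or escalate before saving it. It is an added example, not Prisma SD-WAN code: the `Rule` field names are hypothetical. It also assumes that standing time is measured from when the incident is raised and that "beyond" means strictly greater than.

```python
from dataclasses import dataclass
from datetime import timedelta
from typing import Optional

# Limits stated on this page.
DAMPEN_MIN, DAMPEN_MAX = timedelta(minutes=5), timedelta(days=7)
FLAP_RATES = range(2, 513)   # 2-512
PRIORITIES = range(1, 6)     # P1-P5

@dataclass
class Rule:  # hypothetical field names, not the product's schema
    order: Optional[int]
    suppress: bool
    dampening: timedelta
    priority: int
    standing_threshold: timedelta
    standing_priority: int
    flap_rate: int
    flap_duration: timedelta

def problems(rule):
    """Settings that fall outside what the page allows."""
    out = []
    if rule.order is None:
        out.append("no order number: rule will not be executed")
    if not DAMPEN_MIN <= rule.dampening <= DAMPEN_MAX:
        out.append("dampening interval outside 5 minutes to 7 days")
    if rule.flap_rate not in FLAP_RATES:
        out.append("flap rate outside 2-512")
    if {rule.priority, rule.standing_priority} - set(PRIORITIES):
        out.append("priority outside P1-P5")
    return out

def surfaced_priority(rule, raised, cleared, now):
    """Priority shown for an incident at `now`, or None while it is hidden."""
    if now < raised or (cleared is not None and cleared <= now):
        return None                    # not raised yet, or already cleared
    if rule.suppress and now < raised + rule.dampening:
        return None                    # suppressed until the interval ends
    if now - raised > rule.standing_threshold:   # assumed: timed from raise
        return rule.standing_priority
    return rule.priority

def flap_rate_exceeded(rule, flaps, now):
    """True when more than flap_rate flaps fall inside the flap duration."""
    start = now - rule.flap_duration
    return sum(start < t <= now for t in flaps) > rule.flap_rate  # assumed: strict
```

An incident that clears inside the dampening interval returns `None` at every point in time, which means it never surfaces under a suppressing rule. Keep this in mind when choosing long intervals for security-relevant event codes.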