Create New Incident Policy Rule
Table of Contents
Expand all | Collapse all
Create New Incident Policy Rule
Let us learn to create a new incident policy rule.
- Create a new incident policy rule.
- Select.Incidents & AlertsSettings
- Select an incident policy set and click+ Add Rule.
- Enter a name for the new incident policy rule with a(optional)description and(optional)tags.
- Specify the order for the execution of the rule.If an order number is not specified, the rule won't be executed.
- To disable the rule, select the check box.
- ClickNextto set the matching criteria.
- Configure theMatch Criteria.
- Select aResource Typefrom the available options and clickDone.The incident policy rule is applied to all incident codes that are associated with the selected resources.
- (Optional)SelectResource Typefrom the drop-down and clickSubmit.Filter the resources by the resource ID or name. When no resources are selected, the rule applies to all the resources associated with the selected resource type.
- (Optional)SelectSpecific Resourcesfrom the drop-down that are related to theResource Typeselected.
- (Optional)SelectSub-Typefrom the drop-down.These sub-types are related to the selectedResource Type.
- (Optional)SelectIncident Codesand clickDone.Filter incident codes based on Category. The following categories are available to filter incidents: Application, AAA (Auth), Device, Network, Policy, and Spoke HA Groups.
- ClickNextto configure a schedule.
- Configure aSchedule.
- SelectYesorNoto apply this rule using a schedule.Set theStart DateandEnd Datein the format, MM/DD/YYYY HH/mm.
- ClickNextto configure the actions.
- ConfigureActions.
- SelectYesto suppress the rule orNoto unsuppress the rule.Default option leads to the default behavior of the system generated incident.
- Select the priority for the rule from the range,Priority 1 (P1), throughPriority 5 (P5)from the drop-down.The priority of the incident can be changed to align with your business requirements. For example, a P2 incident can be raised in priority to P1 in order to notify about the incident.
- Configure dampening parameters for event suppression.
- SelectYesto suppress the rule orNoto unsuppress the rule underSuppress.TheDefaultoption leads to the default behavior of the system generated incident.
- Enter aDurationandUnitfor the dampening interval.This can range from 5 minutes to 7 days.AYesforSuppressensures that the incident is suppressed till the end of the dampening interval. The incident will be unsuppressed after the dampening interval is over, if the incident has not cleared at the end of the dampening interval.The dampening interval applies only to incidents and not to alerts.
- Configure theEscalation Rules.
- Configure theStanding Ruleby specifying theStanding Time Thresholdvalue in minutes, hours, or days as the unit and specify if a priority change is required, if the incident persists beyond the defined interval.ThePriorityfor the standing rule can be selected from the range,Priority 1 (P1)throughPriority 5 (P5), from the drop-down.
- Configure theFlap Ruleby specifying theFlap Ratein the range (2-512) and theFlap Durationvalue in minutes, hours, or days as the unit.When the matched resource flaps beyond a rate, within the defined interval, then a new system generated incident,Flap Rate Exceeded, is generated that notifies the change.
- ClickSave & Exit.