Rules and Actions

Rules and Actions are required for automatic processing of Acure integral events.

Reference

Before configuring Rules and Actions, create a mailing list for event notifications. More details here.

• Creating a Rule
  • Condition parameters
  • Examples of rules and processing logic
• Creating an action
  • Event confirmation
  • Editing notification template for Actions
  • Editing Script run variables
• Linking a Rule to an Action
• Cloning Rules and Actions

Creating a Rule

To create a rule, do the following:

1. Go to the section Rules&Actions through the main menu.
2. Press the "Add" button in the Rules block.
3. Fill in the fields:
   • Name
   • Workgroup - the rule will belong to the specified workgroup
   • Status - Enable or Disable the rule
4. Click "Add condition" or "Add block of conditions" - the constructor of conditions for Rules will open.

Reference

"Add condition" - one boolean condition is added to the constructor. "Add block of conditions" - a set of conditions combined with the logical operators AND and OR is added to the constructor.

Warning

Check of an integral event is performed according to "Rules&Actions" of the Workgroups that have access to the "Synthetic trigger" in which this integral event occurred.

Condition parameters

When setting up a condition, you can use the following Parameters:

• Event CI (List) – the condition is met if the CI on which the event occurred corresponds to one of the specified in the parameter.
• Event CI (Map) – the condition is met if an event is generated for at least one of the CIs included in the selected SM Map (at the time of the event formation, the CI must meet the conditions for being included the SM Map).
• Event parent CI - the condition will be fulfilled if the CI for which the event occurred is subordinate to the one specified in the parameter.
• Impact graph - the condition will be fulfilled if the CI, according to which the event occurred, is one of the vertices of the graph, in which the root vertex is the CI specified in the parameter. Supports features:
  • Listed - it is enough to match only one of those CIs specified in the Value field.
  • All listed - the match must be made for all of the CIs values ​​specified in the Value field.
• Event priority - the condition will be fulfilled if the priority of the integral event corresponds to that specified in the parameter. Supports features:
  • Equal - the priority of the event must be equal to Value.
  • Not equal - the priority of the event must not be equal to Value.
  • Higher - the priority of the event must be higher or equal to Value.
  • Lower - the priority of the event must be lower or equal to Value.
• CI work mode - the condition is met if Status of the CI for which the event occurred corresponds to the one specified in the Value field. Supports features:
  • Listed - it is enough to match only one of those CIs specified in the Value field.
  • All listed - the match must be made for all of the CIs values ​​specified in the Value field.
• Event source - the condition is met if the synthetic trigger that generated the integral event matches the value specified in the Value field.
• Trigger name the condition is met if the name of the synthetic trigger that generated the integral event matches the name specified in the Value field.
• Trigger status - the condition is fulfilled if Status of the trigger that generated the integral event corresponds to the one specified in the Value field. Supports features:
  • Listed - it is enough to match only one of those CIs specified in the Value field.
  • All listed - the match must be made for all of the CIs values ​​specified in the Value field.

Reference

Using the parameters Event parent CI and Impact graph does not take into account CIs used as values. If it is necessary to process the specified CI by the rule, you need to add the Event CI parameter.

Examples of rules and processing logic

1. The rule is considered fulfilled when the following conditions are met:

   Event CI is *MPKO*
   AND
   (CI work mode is *Emergency - 1-st priority* 
   OR 
   CI work mode is *Regular*)
   AND
   (Event priority is *1-Critical*
   OR
   Event priority is *2-High)
   

   

2. Similar to the first example, but replacing the first block of conditions with one condition. The rule is considered fulfilled when the following conditions are met:

   Event CI is *MPKO*
   AND
   (Event priority is *1-Critical*
   OR
   Event priority is *2-High*)
   AND
   CI work mode is NOT *Maintenance*
   

   

   Reference

   If the set Maintenance mode has ended, and the conditions of the rule continue to be met, then the corresponding action will be taken.

3. The rule is considered fulfilled when the following conditions are met:

   Event priority is *3–Middle*
   AND
   Event CI is in the list
   

   

Creating an action

1. Go to the Actions block on the same page.

2. Click the "Add" button.

3. Fill in the fields:

   • Name
   • Workgroup - the action will belong to the specified workgroup
   • Status - Enable or Disable the action

4. Press "Add operation" - the constructor of operations for Actions will open:

   • Operation types:

     • Notification - notification of operators on the mailing lists specified in the Value field.
     • Script execution - launch of the Automation Script specified in the Value field.

   • Value - is pulled up based on the Workgroup and Operation type.

   • Start/Confirmation/End of event - the operation must be performed at the beginning of the event, its confirmation or its end.

   • Activity time - select the time when no event processing operations are required:

     • Every day - the operation will be performed on the specified days of the week, regardless of the production calendar.
     • Non-working days - the action will be processed on the selected days of the week if it is a holiday or weekend.
     • Working days - the action will be processed on the selected days of the week if it is a working day according to the production calendar.

   • Message constructor - set your own text for notification by e-mail, messengers or for registration of an incident in HPSM.

   • Postpone - postpone the operation for the specified interval, if the event will still be active after the specified amount of time the operation will be performed.

   • Checking an open incident - check for an incident already registered by Rule, CI or Source - if there is an open incident, information on repeated events will be added.

   Reference

   Information about the event closure is automatically added to the generated incident.

   If IM is blocked by one of the users of the HPSM system, the information will not be added.

   The display of the StartDate and EndDate fields on the screen forms depends on the direction settings. Information can be displayed in the tabs Additional information, Agreements, etc.

Event confirmation

Event confirmation - is used if there is a need for automatic processing for all primary events related to a synthetic trigger only after it switches to the problem state.

Processing Event Confirmation:

1. Event is processed as new,
2. No processing at the end,
3. The time stamp of the event is set to the time the event entered Acure,
4. The link to the event does not change, it is pointing to the first event of the incident.

The parameter is turned on in the Actions edit section.

The parameter is included for each Operation type separately, that is, it is possible to perform a part of actions from a set of Actions.

Limitations on the use/triggering of the function:

1. The parameter is used with synthetic triggers, the trigger condition of which includes several primary monitoring events.

   `lua _labels.type = 'Zabbix' AND _stream.id = 1 AND (source.trigger.id = '40168' OR source.trigger.id = '40169'),

2. The parameter is used for synthetic triggers for processing events from a primary monitoring system in which there is a possibility to resend a message on an active event.

3. The rule for generating such events should not contain a check for receiving an event with the current status. This check is present in templates for Zabbix and SCOM.

Editing notification template for Actions

You can customize the text of notifications:

1. Go to the Rules&Actions section in the main menu.

2. Select Action from the list of available ones or create a new one.

3. Press the "✉️" button - the editor will open.

4. In Message constructor edit the notification text using Macros inside the text - for this you need to select the one you need from the proposed list and it will automatically appear in the text.

Editing Script run variables

When launching automation scripts, it is possible to pass "Macros" to script run variables.

Script run variables are defined on the configuration page of the script.

Description of Macros: Objects and Attributes

Object	Attribute
plEvent Primary event from the monitoring system	_id - event id _connector - event source source - information about the primary event
smTrigger Synthetic trigger	id - id of synthetic trigger link - link to synthetic trigger name - synthetic trigger name description - synthetic trigger description status - current status of the synthetic trigger
smProblem Synthetic trigger status change event	id - event id link - link to event name - object instance name startclock - start time endclock - end time duration - event duration / synthetic trigger activity labels - attribute group from the rule method setTriggerStatus(…, …)
rsmCI Configuration items (CIs)	link - link to the CI card name - CI name
smRule Rule	id - rule id link - link to the rule name - rule name
smAction Action	id - action id link - link to the action name - action name

Attention

Please note that a non-existent macro, for example, plEvent.source.trigger.revealedComments will substitute the value no information in the notification.

5. After composing the text of the message (it is possible to change the text for both the beginning and the end of an event) click "Save" to save it.

Linking a Rule to an Action

To link Rules and Actions, reopen the created Rule and in the Actions field enter the Action name.

You can attach several Actions to one Rule, and similarly to one Action you can attach several Rules.

Cloning Rules and Actions

If you create a set of the same type of Rules or Actions, you can use cloning to speed up the process.

To clone Rules or Actions select an existing object and switch to the editing mode. On the top bar, click the "Clone" button.

When pressed, a new object is created, identical to the original one, and the word Copy is added to the name of the object.

After saving the new Rule or Action, it is added to the general list, while the original object remains unchanged.

Reference

When cloning Rules, the new rule will be associated with the same Action as the original, and vice versa for cloning Actions.