12-03-2024 01:35 AM
Hello Community,
I'm trying to make multiple correlation rules, but I would like them to be able to interact with each other.
For example:
1) Rules Based:
- Primary -> Host_Check alerts (ping KO for a CI).
- Secondary -> Any other alerts on the same CI.
2) Tag Cluster:
- Any Host_Check alerts with same CI Location.
I know that correlation rules have only one level. But if the first correlation is active on a CI, when an alert is created on a second CI and matches correlation rule n°2, I want the alerts attached to it.
Maybe for correlation n°2 another method exists?
Should I use a script in advanced mode?
Thank you.
Joseph
12-05-2024 01:23 AM
Hi,
I found a simpler solution by adapting the example in this article:
I use the same type of correlation (Rules-Based) for the HOST_CHECK and for the location. So the priority rules work as desired. I still have to do quite a bit of testing but it looks good.