Create Respond automation

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read

    • Respond to alerts automatically by notifying appropriate stakeholders, escalating them as needed, or executing response actions. Determine escalation criteria based on severity or type. Integrate with third-party systems to create cases, send notifications, or initiate remediation actions. This process ensures that alerts are managed promptly and effectively.

    Before you begin

    Role required: evt_mgmt_admin or srm_responder

    About this task

    For users familiar with the classic Event Management experience, this provides an easier interface with enhanced team support for creating alert management rules. Alert management rules offer advanced features currently only available to administrators.

    Procedure

    1. Navigate to Workspaces > Service Operations Workspace.
    2. In the primary navigation, select the Alert Automation icon (Alert automations icon).
    3. On the Alert automations page, select Respond.
    4. Select Create automation.
      The Respond page appears.
      Respond automation page from where you can create automation to remediate action on alerts, escalate alerts or notify stakeholders.
    5. In the Automation name field, enter the name of the automation.
    6. Activate the automation by selecting the Active check box.
    7. In the If these conditions are met section, create filter criteria to identify the events you want to capture.
      Important:
      You can limit respond automations to primary alerts to prevent secondary alerts from being overwhelmed by unnecessary noise. Ensure these automations are applied only to alerts associated with CIs that are not currently undergoing maintenance.
      Respond automation conditions
      1. From the Assignment group field menu, select the assignment group to determine which team’s alerts will trigger the automation.

        The Assignment group represents a specific team responsible for handling certain alerts. By selecting an assignment group, you ensure that only the alerts assigned to that particular team will trigger the automation. This way, the automation is targeted and only activates for relevant alerts associated with the selected team.

        Note:
        • If you’re logged in to the instance with an administrator role (evt_mgmt_admin), all of the assignment groups are available. Additionally, you can select All groups to enable generating alerts for any of the available groups.
        • If you’re an operator, only the group you’re a part of is available.
        • Only members of the selected group or administrators can update or delete the automation.
      2. For the Parent field value, select whether the alert for which you want a response is grouped under a parent alert.
      3. For the Maintenance field value, select whether the alert for which you want a response is under maintenance.

      4. To add another set of conditions, select + New condition set. You can also manually add an additional info field if you don’t see it in the drop-down list.

        Set up the conditions by selecting the field, operator, and field value. Then, add more conditions using OR or AND operators.

    8. In the Then, apply the following actions section, select one or both of the automation actions that can be triggered by the automation.
      Respond automation actions
      ActionDescription
      Create an incident Creates an incident for the alerts that match the specified filter.

      For details on mapping the alert fields to the incident fields, see Alert field mapping on the Respond page.

      To include additional fields in the incident, select + Add.
      Use outbound webhooks to send data to other systems

      Sends notifications to other systems using outbound webhooks. For example, this capability can be used to send a chat notification, create a case, or trigger an external runbook to remediate the issue.

      For details on configuring an outbound webhook, see Outbound webhook parameters.

      To create an additional property, select + Add property. The property can be any custom key-value pair that you want to include in the webhook payload, such as "Content-Type: application/json" or "Authorization: Bearer <token>".
      Note:
      If you don’t select at least one action, the automation is deactivated.
    9. In the And finally section, to continue running other response automations with same filter conditions after this automation is executed, select Run other response alert automations.
      If you select Don't run other response alert automations, additional automations of this type will stop running after this automation is executed once. If the automation is managed by an administrator, it will stop running administrator-owned automations but will continue to run automations owned by other assignment groups.
    10. In the Automation details section, provide an order and automation description.
      Respond automation details section

      For information on the Automation details fields, see Automation details fields.

    11. Select Save automation.

      A notification appears when the automation is successfully saved. Otherwise, an error message is displayed.

      The respond automation that you created appears on the Respond alerts page where you can view, edit, or delete the existing automation.