Hello,
I was trying to find a way to automatically close some alerts that are sent to our account "Default API": these alerts are correctly coming on this endpoint and I know how to create the appropriate filters, but then I struggle how the actions of the integration are supposed to work:
From "Integrations Framework - Action Processing" documentation:
- Ignore: "the webhook data [...] will be ignored completely" This one is pretty clear.
- Create Alert: If data hasn't been ignored by the previous action, this action will create new alerts. Depending on the filters specified, the actual content of the alert can be customized. Do I understand correctly?
Then, for the last 3 "Acknowledge Alert", "Add Note", "Close Alert", I'm not sure how to understand them. There's this notion of "alias", which I guess is this kind of "global identifier" that was set when the alter was created just before.
But then, I don't understand how these actions are triggered. By default, their filter is "Match all alerts" but I didn't see my alerts being closed, acknowledged or having a note added automatically. I'm a bit lost on how I should understand / configure these :)
Ultimately, I tried to configure a new "Close" action which filters match the fields of the alert I wanted to automatically close, but it didn't work at all. I suppose, as this was a brand new alert, it didn't have this "alias", and only the "Create" action was executed, but then I'm not sure how to execute the other actions...
Some help / clarification would be greatly appreciated!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.