Hello,
I was trying to find a way to automatically close some alerts that are sent to our account "Default API": these alerts are correctly coming on this endpoint and I know how to create the appropriate filters, but then I struggle how the actions of the integration are supposed to work:
From "Integrations Framework - Action Processing" documentation:
Then, for the last 3 "Acknowledge Alert", "Add Note", "Close Alert", I'm not sure how to understand them. There's this notion of "alias", which I guess is this kind of "global identifier" that was set when the alter was created just before.
But then, I don't understand how these actions are triggered. By default, their filter is "Match all alerts" but I didn't see my alerts being closed, acknowledged or having a note added automatically. I'm a bit lost on how I should understand / configure these :)
Ultimately, I tried to configure a new "Close" action which filters match the fields of the alert I wanted to automatically close, but it didn't work at all. I suppose, as this was a brand new alert, it didn't have this "alias", and only the "Create" action was executed, but then I'm not sure how to execute the other actions...
Some help / clarification would be greatly appreciated!
So what might be happening is all of your alerts are matching the Create Alert action in your Default API. I would try make sure that your Create and Close have mutually exclusive filters.
Also, can you explain more on what data is coming in that says "close this alert". Im sure its something in the pay load like a flag or keyword.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.