
Alert Response policies

Alert response (action) policies are central to handling alerts effectively. They are used to identify root causes, run remediation scripts, and send notifications. These policies ensure that alerts are handled appropriately, enabling proactive resolution and communication of critical events.


Functionality of Alert Actions Policies

  • Run Remediation Scripts: Automatically executing predefined scripts in response to specific alerts can resolve issues without manual intervention, reducing downtime and operational costs.

  • Send Notifications: Ensuring that relevant stakeholders are informed about critical events through various communication channels, enabling timely response and coordination.

Action Providers

  • We have included some actions as part of our out-of-the-box system provider, such as Slack, Teams, and more.

  • We also support executing StackStorm workflows through our alert response policies. Once a customer has onboarded StackStorm to the VP platform, all action workflows from the onboarded StackStorm instance will be available for execution via alert response policies.

Example:

name: "Test_slack_action_policy"
description: "Sample action policy"
criteria: "event_provider: \"Virtana IPM\" AND -status: Closed AND severity: Critical"
category: "alert_response"
precedence: 1
actions:
  - type: "action"
    criteria: "true"
    action_type: "slack"
    action_name: "Slack_Notification"
    parameters:
      # A Slack incoming-webhook URL is a credential: anyone holding it can post to the channel.
      # Keep the real value out of shared documents and version control.
      webhook_url: "https://hooks.slack.com/services/<your-webhook-path>"
      message: "Received alert with entity_name - $alert.entity_name , key - $alert.key , summary - $alert.summary and severity - $alert.severity"

How to Create a New Policy

To create a new policy, navigate to Governance > Alert Response > New Policy.

  1. Create YAML-Format Configuration:

    • Copy Template: Make a copy of the “alert-policy.yaml” template.

    • Edit Configuration: Modify the copied file to suit the integration requirements.

    • Upload Policy File: Once configured, upload the YAML file containing the policy.

  2. Add General Information:

    • Policy Name and Description: Enter a descriptive name and detailed description for the policy.

    policy:
      name: "Slack_notification_for_critical_alert"
      description: "Notify critical alert on slack channel"
      precedence: 1
      category: "alert_response"

  3. Add Alert Criteria:

    • Filter the alerts that occur on the selected resources. If no conditions are defined in this section, every alert on the selected resources matches this policy.

     criteria: "event_provider: OpsCruise AND -status: Closed"

    Note

    The LuceneMemoryIndex class uses a slightly different query syntax than Solr, which affects how "Criteria" is evaluated for each phase/policy. For instance, the criteria source: EventService AND -entity_type: (pod container) still matches pods and containers. To exclude both, include OR explicitly: -entity_type: (pod OR container).

    Note

    We do not support special characters in policy criteria.

  4. Add Actions:

    • For Alert Response there is only one policy type, i.e. "action"; the notification channel is chosen with action_type, as in the examples that follow.

    • Slack notification

      actions:
        - type: "action"
          action_type: "slack"
          action_name: "Slack_Notification"
          parameters:
            webhook_url: "Add your slack channel url"
            message: "Received alert with entity_name - $alert.entity_name"
    • Email notification

      actions:
        - type: "action"
          action_type: "email"
          action_name: "Email_Notification"
          provider_name: "System"
          parameters:
            to_emails: ["example@virtana.com"]
            alert: "$alert"

    • Mattermost notification

      actions:
        - type: "action"
          action_type: "mattermost"
          action_name: "Mattermost_Notification"
          parameters:
            webhook_url: "Add your mattermost url"
            message: "VW: Received alert on entity - $alert.entity_name"

    • Teams notification

      actions:
        - type: "action"
          action_type: "teams"
          action_name: "Teams_Notification"
          parameters:
            webhook_url: "Add your team chat url"
            message: ""

    • Webex notification

      actions:
        - type: "action"
          criteria: "true"
          action_type: "webex"
          action_name: "Webex_Notification"
          provider_name: "System"
          parameters:
            webhook_url: "Add your webex chat url"
            message: ""

  5. Upload Configured YAML File:

    • Upload File: Finally, upload the edited YAML file containing the configured policy to implement it.
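Before uploading, it helps to lint the policy locally rather than discovering a mistake after the policy is live. The following Python script is an added example, not Virtana's or OpsCruise's code. It checks a parsed policy for the structure the steps above describe (the top-level keys, `type: "action"` on every action, the parameter each notification channel needs, and "Add your ... url" placeholders left in a webhook_url), flags parenthesised criteria groups that lack an explicit OR (the pitfall in the Note under step 3), and shows a local approximation of how `$alert.<field>` placeholders expand in a message. The list of recognised action types, the https check, and the placeholder expansion are assumptions of this example; the platform's own evaluation is authoritative. The policy is embedded as a Python dict (the shape `yaml.safe_load` would return) so the script runs without PyYAML.

```python
"""Lint an alert-response policy and preview its message (added example, not Virtana/OpsCruise code)."""
import re
from typing import Any

# Action types shown in the documentation snippets and the parameter each needs.
# Assumed as the validation rule here; the platform may accept more types.
REQUIRED_PARAM = {
    "slack": "webhook_url",
    "teams": "webhook_url",
    "mattermost": "webhook_url",
    "webex": "webhook_url",
    "email": "to_emails",
}
TOP_LEVEL_KEYS = ("name", "description", "criteria", "category", "precedence", "actions")

_GROUP = re.compile(r"\(([^()]*)\)")            # a parenthesised group in a criteria string
_PLACEHOLDER = re.compile(r"\$alert\.(\w+)")     # "$alert.<field>" in a message template
_TEMPLATE_HINT = re.compile(r"^add your ", re.IGNORECASE)  # leftover template text


def lint_criteria(criteria: str) -> list[str]:
    """Flag value lists such as '(pod container)' that omit an explicit OR/AND."""
    problems = []
    for group in _GROUP.findall(criteria):
        tokens = group.split()
        if len(tokens) > 1 and not any(t.upper() in ("OR", "AND") for t in tokens):
            problems.append(f"criteria group '({group})' lists several values without OR; "
                            f"write '({' OR '.join(tokens)})'")
    return problems


def lint_policy(policy: dict[str, Any]) -> list[str]:
    """Return a list of problems; an empty list means the policy passed every check."""
    problems = []
    for key in TOP_LEVEL_KEYS:
        if key not in policy:
            problems.append(f"missing top-level key '{key}'")
    if policy.get("category") != "alert_response":
        problems.append("category must be 'alert_response'")
    if not isinstance(policy.get("precedence"), int) or policy["precedence"] < 1:
        problems.append("precedence must be a positive integer (lower number = higher priority)")
    problems += lint_criteria(str(policy.get("criteria", "")))
    for i, action in enumerate(policy.get("actions") or []):
        where = f"actions[{i}]"
        if action.get("type") != "action":
            problems.append(f"{where}: type must be 'action'")
        kind = action.get("action_type")
        params = action.get("parameters") or {}
        if kind not in REQUIRED_PARAM:
            problems.append(f"{where}: unrecognised action_type '{kind}'")
            continue
        needed = REQUIRED_PARAM[kind]
        value = params.get(needed)
        if not value:
            problems.append(f"{where}: {kind} action needs parameters.{needed}")
        elif needed == "webhook_url":
            if _TEMPLATE_HINT.match(str(value)):
                problems.append(f"{where}: webhook_url still holds the template placeholder")
            elif not str(value).startswith("https://"):   # assumed check: webhooks should use TLS
                problems.append(f"{where}: webhook_url should be an https:// URL")
    return problems


def render_message(template: str, alert: dict[str, Any]) -> str:
    """Expand $alert.<field> from the alert; unknown fields stay literal so a typo is visible."""
    return _PLACEHOLDER.sub(
        lambda m: str(alert[m.group(1)]) if m.group(1) in alert else m.group(0), template)


# Constructed: the documentation's Slack example as a parsed dict, with a placeholder webhook.
SAMPLE_POLICY = {
    "name": "Test_slack_action_policy",
    "description": "Sample action policy",
    "criteria": 'event_provider: "Virtana IPM" AND -status: Closed AND severity: Critical',
    "category": "alert_response",
    "precedence": 1,
    "actions": [{
        "type": "action",
        "criteria": "true",
        "action_type": "slack",
        "action_name": "Slack_Notification",
        "parameters": {
            "webhook_url": "https://hooks.slack.com/services/EXAMPLE/PLACEHOLDER/PATH",  # not a real hook
            "message": "Received alert with entity_name - $alert.entity_name , key - $alert.key , "
                       "summary - $alert.summary and severity - $alert.severity",
        },
    }],
}

# Constructed sample alert, with the fields the message template references.
SAMPLE_ALERT = {"entity_name": "db-node-01", "key": "cpu_high",
                "summary": "CPU above 95% for 5m", "severity": "Critical"}

if __name__ == "__main__":
    for problem in lint_policy(SAMPLE_POLICY):
        print("policy problem:", problem)
    print(render_message(SAMPLE_POLICY["actions"][0]["parameters"]["message"], SAMPLE_ALERT))
```

Run it against a copy of your own policy by replacing SAMPLE_POLICY with the output of `yaml.safe_load` on the file; a clean run prints only the rendered message, which doubles as a preview of what the channel will receive.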

Navigating the Custom Dashboard:

You can explore details of policies and user activities, and leverage visualizations for quick insights. This tabular representation allows you to quickly assess the details of the various governance policies in one centralized view. It provides essential information such as the policy's purpose, type, last editor, edit date, and current state, enabling efficient monitoring, management, and adjustment of governance policies as needed.

[Screenshot: alert_response.png]
  • Policy Name: The unique name or identifier of the governance policy.

  • Priority: The priority column in the governance tab indicates the relative importance or urgency of each policy. In this system, a higher number indicates a lower priority, while a lower number signifies a higher priority.

  • Description: A brief description explaining the purpose or focus of the policy.

  • Policy Type: The type or category of the policy (e.g., Deduplication, Correlation, Enrichment).

  • Edited By: The user or team who last edited or modified the policy.

  • Edit Date: The date and timestamp when the policy was last edited or updated.

  • State: Indicates the current status of the policy (e.g., enable, disable).

Action Providers

Table 11. Action Providers

Action Providers        Action
OpsCruise Stackstorm    Actions set by client.
System                  Slack, Teams, WebEx