Alert Response Policies

Alert action policies are crucial for managing alerts effectively. They are used to identify root causes, run remediation scripts, and send notifications. These policies ensure that alerts are appropriately handled, enabling proactive resolution and communication of critical events.

Functionality of Alert Action Policies

  • Run Remediation Scripts: Automatically executing predefined scripts in response to specific alerts can resolve issues without manual intervention, reducing downtime and operational costs.

  • Send Notifications: Ensuring that relevant stakeholders are informed about critical events through various communication channels, enabling timely response and coordination.

Action Providers

  • We have included some actions as part of our out-of-the-box system provider, such as Slack, Teams, and more.

  • We also support executing StackStorm workflows through our alert response policies. Once a customer has onboarded StackStorm to the VP platform, all action workflows from the onboarded StackStorm instance will be available for execution via alert response policies.

    Example:

    name: "Test_slack_action_policy"
    description: "Sample action policy"
    criteria: "event_provider: \"Virtana IO\" AND -status: Closed AND severity: Critical"
    category: "alert_response"
    precedence: 1
    actions:
      - type: "action"
        criteria: "true"
        action_type: "slack"
        action_name: "Slack_Notification"
        parameters:
          webhook_url: "Add your slack channel url"
          message: "Received alert with entity_name - $alert.entity_name , key - $alert.key , summary - $alert.summary and severity - $alert.severity"

How to Create a New Policy

To create a new policy, navigate to Alert Response in Governance and click New Custom Policy.

Note

To generate the policy with Copilot, refer to Alert Intelligence Policies.

  1. Create YAML-Format Configuration:

    • Copy Template: Make a copy of the “alert-policy.yaml” template.

    • Edit Configuration: Modify the copied file to suit the integration requirements.

    • Upload Policy File: Once configured, upload the YAML file containing the policy.

  2. Add General Information:

    • Policy Name and Description: Enter a descriptive name and detailed description for the policy.

    policy:
      name: "Slack_notification_for_critical_alert"
      description: "Notify critical alert on slack channel"
      precedence: 1
      category: "alert_response"

  3. Add Alert Criteria:

    • Filter the type of alerts that occur on the selected resources. If no conditions are defined in this section, all alerts on the selected resources will match this policy.

     criteria: "event_provider: OpsCruise AND -status: Closed"

    Note

    The LuceneMemoryIndex class uses a slightly different query syntax than Solr, which affects how we evaluate "Criteria" for each phase/policy. For instance, using the criteria source: EventService AND -entity_type: (pod container) still matches pods and containers. To prevent this, you need to include OR explicitly, like -entity_type: (pod OR container).

    Note

    We do not support special characters in policy criteria.

  4. Add Actions:

    For Alert Response, there is only one policy type, i.e., "action".

    • Action Type: Slack notification

      actions:
        - type: "action"
          action_type: "slack"
          action_name: "Slack_Notification"
          parameters:
            webhook_url: "Add your slack channel url"
            message: "Received alert with entity_name - $alert.entity_name"

    • Email notification

      actions:
        - type: "action"
          action_type: "email"
          action_name: "Email_Notification"
          provider_name: "System"
          parameters:
            to_emails: ["example@virtana.com"]
            alert: "$alert"

    • Mattermost notification

      actions:
        - type: "action"
          action_type: "mattermost"
          action_name: "Mattermost_Notification"
          parameters:
            webhook_url: "Add your mattermost url"
            message: "IO: Received alert on entity - $alert.entity_name"

    • Teams notification

      actions:
        - type: "action"
          action_type: "teams"
          action_name: "Teams_Notification"
          parameters:
            webhook_url: "Add your team chat url"
            message: ""

    • Webex notification

      actions:
        - type: "action"
          criteria: "true"
          action_type: "webex"
          action_name: "Webex_Notification"
          provider_name: "System"
          parameters:
            webhook_url: "Add your webex chat url"
            message: ""

    • HTTP action

      actions:
        - type: "action"
          criteria: "true"
          action_type: "http"
          action_name: "Http_Notification"
          provider_name: "System"
          parameters:
            webhook_url: "Add your http url"
            message: ""

  5. Upload Configured YAML File:

    • Upload File: Finally, upload the edited YAML file containing the configured policy to implement it.
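
The criteria note in step 3 can be checked before a policy is uploaded. The following Python check is an added example, not part of the product or the original page: it flags `field: (a b)` groups whose terms lack an explicit operator and proposes the `OR` form the note recommends. The function names, the regular expression and the sample policy dict are assumptions made for illustration.

```python
import re

OPERATORS = {"AND", "OR", "NOT"}
# field: ( ... ), optionally negated with "-"; nested parentheses are not handled.
GROUP_RE = re.compile(r'(-?)([A-Za-z_][\w.]*)\s*:\s*\(([^()]*)\)')

def make_explicit(body):
    """Return (rewritten_body, changed), inserting OR between adjacent terms."""
    out, changed = [], False
    for tok in re.findall(r'"[^"]*"|\S+', body):  # keep quoted phrases whole
        if out and tok not in OPERATORS and out[-1] not in OPERATORS:
            out.append("OR")
            changed = True
        out.append(tok)
    return " ".join(out), changed

def check_criteria(criteria):
    """List (group_as_written, explicit_form) for groups with implicit operators."""
    findings = []
    for m in GROUP_RE.finditer(criteria):
        neg, field, body = m.groups()
        fixed, changed = make_explicit(body)
        if changed:
            findings.append((m.group(0), f"{neg}{field}: ({fixed})"))
    return findings

def check_policy(policy):
    """Check the policy-level criteria and each action's own criteria."""
    scopes = [("policy", policy.get("criteria", ""))]
    for action in policy.get("actions", []):
        scopes.append((action.get("action_name", "?"), action.get("criteria", "")))
    report = {name: check_criteria(c) for name, c in scopes}
    return {name: found for name, found in report.items() if found}

# Constructed sample: the dict a YAML loader would return for a policy file.
SAMPLE_POLICY = {
    "name": "Slack_notification_for_critical_alert",
    "category": "alert_response",
    "criteria": "source: EventService AND -entity_type: (pod container)",
    "actions": [{"type": "action", "criteria": "true", "action_type": "slack",
                 "action_name": "Slack_Notification"}],
}

if __name__ == "__main__":
    for scope, found in check_policy(SAMPLE_POLICY).items():
        for written, explicit in found:
            print(f"{scope}: {written} -> {explicit}")
```

The proposed rewrite always uses `OR`, following the note's own example; review each suggestion and change the operator where `AND` was intended.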

Action Providers

  Action Providers        Action
  OpsCruise Stackstorm    Actions set by the client.
  System                  Slack, Teams, WebEx