06-29-2007 10:54 AM - edited 03-09-2019 06:17 PM
Hello, is there a way to configure MARS to send an email alert whenever there is a Red (High) Incident?
07-02-2007 05:51 AM
FYI for anyone else trying to do this - This is what TAC said:
Currently it's not possible to have MARS send alert for RED incidents for all rules. At the moment you can set an alert to a specific rule, not to any rule with one severity.
This limitation is currently being addressed through enhancement request
CSCse89349 (Receive email notification for All Red Severity Incidents).
07-02-2007 06:22 AM
Until it is enhanced, here is one possible option that will get you close to what you want:
Create a scheduled report to run every hour.
qry format = "matched incident ranking". make sure "use only firing events is checked". Click on the events column in the query and change "Restrict to Severity" to "RED". Change the time to last 1 hour.
This report should only contain severity red incidents. Of course it's only hourly, but it gets you closer.
07-02-2007 09:09 AM
I created a rule that will send out an email alert anytime it sees the severity as RED - all other fields left at 'any'. it sends out a link via email every time a high alert event is triggered. i defined the action to email me.
07-02-2007 09:26 AM
I believe the problem is that this doesn't tie directly to an incident. I think the OP wants 1 notification per red incident.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: