Automation Policies and Tickets


This section describes how to use run book automation and action policies with device groups in SL1.

SL1 includes automation features that allow you to define specific conditions and the actions you want SL1 to execute when those conditions are met. These features can be found in the Registry > Run Book pages. (For more details on automation policies and action policies, see the section on Run Book Automation.)

SL1 also allows you to align a ticket with a device group when creating a ticket. You can align a ticket with a device group from the Ticket Console page.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon.
  • To view a page containing all of the menu options, click the Advanced menu icon.

What is an Automation Policy?

An automation policy allows you to define automatic actions that should be executed in response to events. The automation policy defines the conditions under which an automatic action should be executed.

When the criteria in an automation policy are met, an action is executed. This action is defined in an action policy. To view a list of action policies, or to edit or create an action policy, go to the Action Policy Manager page (Registry > Run Book > Actions).

For example, an automation policy might specify: If the event "illicit process" occurs on all the devices in device group "mailservers", and the event is not cleared within five minutes, execute the action policy "email NOC". The action policy "email NOC" could email all NOC staff about the "illicit process" event.

Automation policies can specify the criteria listed below. One or more of these criteria must be met before an action is executed:

  • One or more specified events must have occurred.
  • Events must have occurred on one or more specified devices or all devices in one or more specified device groups.
  • Event(s) must have specified severity (critical, major, minor, notice, or healthy).
  • Events must have specified status (event is not cleared, event is now acknowledged, ticket is not created for event).
  • A specified amount of time must elapse while severity and status do not change.

When the criteria are met, the automation policy triggers the execution of one or more specified action policies.

Aligning an Automation Policy with a Device Group

When you align an automation policy with a device group, you specify that all the conditions in the automation policy must occur on at least one device in that device group before an action policy is executed. This is quicker and easier than manually selecting individual devices.

When you align a device group with an automation policy, all the devices in the device group and all child device groups and their devices are included in the automation policy.
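The following Python sketch is an added illustration (it is not SL1 code and is not taken from this manual). It models the "illicit process" example policy aligned with the device group "mailservers", including devices inherited from a child device group and the five-minute wait. All class, function, and device names, the child group "mailservers-edge", and the chosen severities are assumptions made for the sketch.

```python
from dataclasses import dataclass, field
@dataclass
class DeviceGroup:
    name: str
    devices: set = field(default_factory=set)
    children: list = field(default_factory=list)
    def all_devices(self):
        """Own devices plus those of every child group, recursively."""
        found = set(self.devices)
        for child in self.children:
            found |= child.all_devices()
        return found

@dataclass
class Event:
    name: str
    device: str
    severity: str
    cleared: bool
    age_seconds: int  # time severity and status have stayed unchanged

@dataclass
class AutomationPolicy:
    event_names: set
    group: DeviceGroup
    severities: set
    min_age_seconds: int
    action: str
    def matches(self, ev):
        # Every condition must hold on the same device (assumed evaluation model).
        return (ev.name in self.event_names
                and ev.device in self.group.all_devices()
                and ev.severity in self.severities
                and not ev.cleared
                and ev.age_seconds >= self.min_age_seconds)
def actions_to_run(policy, events):
    """Return (action policy, device) for each event that meets the policy."""
    return [(policy.action, ev.device) for ev in events if policy.matches(ev)]
# Constructed sample data; all names below are hypothetical.
edge = DeviceGroup("mailservers-edge", {"mx-edge-01"})
mail = DeviceGroup("mailservers", {"mx-01", "mx-02"}, [edge])
policy = AutomationPolicy({"illicit process"}, mail, {"major", "critical"}, 300, "email NOC")
events = [
    Event("illicit process", "mx-01", "major", False, 420),          # meets all criteria
    Event("illicit process", "mx-02", "major", False, 120),          # under five minutes
    Event("illicit process", "mx-edge-01", "critical", False, 600),  # child group device
    Event("illicit process", "web-01", "critical", False, 900),      # outside the group
    Event("illicit process", "mx-01", "major", True, 900),           # already cleared
]
```

Calling actions_to_run(policy, events) returns the "email NOC" action for mx-01 and mx-edge-01 only.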

To align an automation policy with a device group, perform the following:

NOTE: If the definition for a device group in the Device Group Editor page does not include Notification/Automation in the Visibility field, you will not be able to align an automation policy with the device group. Instead, you will have to manually select each device in the device group.

  1. Go to the Automation Policy Manager page (Registry > Run Book > Automation).
  2. In the Automation Policy Manager page, you can:
      • Edit an existing automation policy. To do so, find the policy you want to edit and click its wrench icon.
      • Create a new automation policy. To do so, click the Create button.
  3. When the Automation Policy Editor page appears, you can use the following fields to align the automation policy with a device group:
      • Align With. Specifies whether to align this automation policy with one or more devices or one or more device groups.
      • Available Device Groups. If you selected Device Groups in the Align With field, this field displays a list of all device groups in SL1. You can select one or more device groups in this field. The selected event(s) and event criteria must occur on each selected device in each selected device group before the automation policy will be executed. To select a device group, highlight it and click the right-arrow button (>>).
      • Aligned Device Groups. This pane displays a list of all device groups aligned with this automation policy. To deselect a device group, highlight it and click the left-arrow button (<<).

What is an Action Policy?

An action policy is an action that can be automatically triggered in SL1 when certain criteria are met. The triggers are defined in an automation policy in the Automation Policy Manager page (Registry > Run Book > Automation).

An action policy can perform one of the following tasks:

  • Send an email message to a pre-defined list of users.
  • Send an SNMP trap from SL1 to an external device.
  • Create a new ticket (using ticket templates defined in the Ticket Templates page [Registry > Ticketing > Templates]).
  • Update an existing ticket. An action policy can change the status and/or severity of an existing ticket and/or add a note to an existing ticket. For this action policy to trigger successfully, a ticket must be associated with the event that triggered the action.
  • Write an SNMP value to an existing SNMP object on an external device.
  • Query a database.
  • Run a custom Python script, called a snippet.


To create an action policy, go to the Action Policy Manager page (Registry > Run Book > Actions) and click the Create button.

Aligning a Ticket with a Device Group

A ticket is a request for work. This request can be in response to a problem that needs to be fixed, for routine maintenance, or for any type of work required by your enterprise. When creating a ticket, you can align that ticket with a device group. To align a ticket with a device group:

  1. Go to the Ticket Console page (Tickets > Classic Tickets, or the Tickets tab in the classic SL1 user interface).
  2. In the Ticket Console page, click the Create button.
  3. The Ticket Editor page appears. In the Ticket Editor page, the Element field allows you to select the element where the problem occurred. To select a device group, click the magnifying glass icon to the right of the field.
  4. The Finder page appears, where you can select the device group to align with the ticket.
  5. To search for a device group, select the Device Group checkbox. To exclude an element from the search, unselect its checkbox.
  6. In the Search field you can also enter a whole or partial string of text for the device group you want to find.
  7. Click the Search button.
  8. Click on the device group to align the device group to the ticket.

Searching for a Ticket Aligned with a Device Group

In the Ticket Console page, you can search for existing tickets aligned with a device group. The Ticket Console page contains "filter-while-you-type" fields at the top of the page that allow you to filter the list of tickets by one or more parameters. To search for a ticket aligned with a device group:

  1. Go to the Ticket Console page (Tickets > Classic Tickets, or the Tickets tab in the classic SL1 user interface). In the Ticket Console page, the Element Name field allows you to search for device groups aligned with a ticket.
  2. Enter a full or partial search string in the Element Name field. The list of tickets will be filtered to display the element(s) that meet your search criteria.
  3. You can access the Device Group Editor page for each ticket aligned with a device group by selecting its device icon in the Element field. For more information on device groups, see the section on Creating and Editing Device Groups.

For more information on tickets, see the section on Ticketing.