Abhishek_Garg
Contributor
25 days ago
Question on Action Policy for Event Enrichment
Looking for some input on how I use a Run Book Variable (specifically "Device Group", %1) in an Action Policy of type Snippet for an Event source.
Basically, I am trying to do some Event Enrichment via an Action Policy of type Snippet, i.e. if an alert is related to a particular Device under a Device Group, then set the Alert Severity to CRITICAL.
For example, if the org is Azure and the Device Group is sql, then set the severity to CRITICAL, else MAJOR.
Looking for the correct syntax for the below:
if EM7_VALUE ['%O'] =='Azure' and EM7_VALUE['%1']=='sql'