Question on Action Policy for Event Enrichment

Looking for some inputs on how i use Run book Variable (specifically "Device Group " , %1 ) in an Action policy of type Snippet for Event source.
Basically, I am trying to do some Event Enrichment via Action Policy of type snippet i.e If alert related to particular Device under Device Group then set Alert Severity to CRITICAL.
Example, if org is Azure and Device Group is sql , then set severity to CRITICAL else MAJOR.
Looking for correct syntax for below
if EM7_VALUE ['%O'] =='Azure' and EM7_VALUE['%1']=='sql'

Forum Discussion

Question on Action Policy for Event Enrichment

Recent Discussions

Storage Monitoring

GraphQL Query

Azure German Portal SQL API deprecation

Dashboard Access Key permissions

SL1 Licensing