Question on Action Policy for Event Enrichment

Looking for some inputs on how i use Run book Variable (specifically "Device Group " , %1 ) in an Action policy of type Snippet for Event source.
Basically, I am trying to do some Event Enrichment via Action Policy of type snippet i.e If alert related to particular Device under Device Group then set Alert Severity to CRITICAL.
Example, if org is Azure and Device Group is sql , then set severity to CRITICAL else MAJOR.
Looking for correct syntax for below
if EM7_VALUE ['%O'] =='Azure' and EM7_VALUE['%1']=='sql'

Forum Discussion

Question on Action Policy for Event Enrichment

Recent Discussions

System Event Customization

Classic Credentials - Access denied

Config push process Vs Appliance page config push force

putting a 2 node SL1 HA database env in maintenance

Unnecessary API calls in Meraki API v115