Looking for some input on how I use a Run Book Variable (specifically "Device Group", %1) in an Action Policy of type Snippet for an Event source.
Basically, I am trying to do some Event Enrichment via an Action Policy of type Snippet, i.e. if an alert is related to a particular Device under a Device Group, then set the Alert Severity to CRITICAL.
For example, if org is Azure and Device Group is sql, then set severity to CRITICAL, else MAJOR.
Looking for the correct syntax for the below:
if EM7_VALUE ['%O'] =='Azure' and EM7_VALUE['%1']=='sql'
Question on Action Policy for Event Enrichment
