Introduction

A first response policy lets you auto-suppress frequent and unnecessary alerts as a first response mechanism.

Prerequisites

You must have OpsQ View and OpsQ Manage permissions to access first response and alert escalation policies.

Creating a client-level first response policy

To create a client first response policy:

  1. Enter name and policy mode
  2. Filter criteria
  3. Policy definition

Step 1: Enter policy name and mode

To enter the policy name and select mode:

  1. Go to Setup > Alerts > First Response.
  2. Select a client.
  3. Click +Add.
  4. Provide a name for the policy.
  5. Select the mode.
Enter policy name and mode

Step 2: Filter criteria

To filter for resources whose alerts match this policy:

  1. Select Filter Criteria.
  2. Choose from Any or All of the defined conditions to apply a filter for the alerts.
  3. Select Native Attributes or Resource Custom Attributes depending on your requirement.
    • Note: Native Attributes are the predefined attributes and Resource Custom Attributes are user-defined attributes.
  4. Select the required attribute, logical operator, and provide the value.
    • Note: Click + to add multiple filter conditions.
Filter criteria

Step 3: Policy definition

Alert pattern actions

To train the system to suppress alerts that have a common pattern:

  1. Select the option Suppress alerts that happen regularly, at around the same time.
  2. Specify the Seasonality Timeframe.
  3. Click Save.
Alert Pattern Action Seasonality Timeframe
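
One way to preview which alerts recur at around the same time before enabling the seasonality option, as an added example that is not the product's own code and does not reproduce its learning logic. The alert tuple layout, the tolerance and ratio thresholds, and the sample alerts are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def circ_gap(a, b):
    """Distance in minutes between two times of day, wrapping at midnight."""
    d = abs(a - b)
    return min(d, 1440 - d)

def seasonal_candidates(alerts, timeframe_days, tolerance_min=15, min_ratio=0.8):
    """alerts: iterable of (datetime, resource, metric) tuples (assumed layout).

    Returns {(resource, metric): "HH:MM"} for alerts seen on at least min_ratio
    of the days in the timeframe, with every occurrence within tolerance_min of
    the first one. A single off-schedule occurrence disqualifies the alert, so
    an unusual firing is never hidden behind a regular pattern.
    """
    alerts = sorted(alerts)
    if not alerts:
        return {}
    start = alerts[-1][0] - timedelta(days=timeframe_days)
    minutes, days = defaultdict(list), defaultdict(set)
    for ts, resource, metric in alerts:
        if ts > start:  # only look inside the seasonality timeframe
            key = (resource, metric)
            minutes[key].append(ts.hour * 60 + ts.minute)
            days[key].add(ts.date())
    result = {}
    for key, mins in minutes.items():
        regular = len(days[key]) >= min_ratio * timeframe_days
        same_time = all(circ_gap(m, mins[0]) <= tolerance_min for m in mins)
        if regular and same_time:
            result[key] = "%02d:%02d" % divmod(mins[0], 60)
    return result

def sample_alerts():
    """Constructed sample: one week of alerts for three hypothetical resources."""
    base = datetime(2024, 1, 1)
    alerts = []
    for i in range(7):
        day = base + timedelta(days=i)
        alerts.append((day + timedelta(hours=2, minutes=i), "db01", "backup.cpu"))
        alerts.append((day + timedelta(hours=9), "web01", "login.failures"))
    # Off-schedule occurrence: keeps login.failures out of the candidate list.
    alerts.append((base + timedelta(days=3, hours=14, minutes=37), "web01", "login.failures"))
    alerts.append((base + timedelta(days=1, hours=11), "app01", "disk.full"))
    alerts.append((base + timedelta(days=5, hours=16, minutes=20), "app01", "disk.full"))
    return alerts

if __name__ == "__main__":
    print(seasonal_candidates(sample_alerts(), timeframe_days=7))
```

Only the nightly backup alert qualifies in the sample; the login-failure alert is excluded because one occurrence falls outside its usual time, and the disk alert fires on too few days.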

Alert attribute actions

Manually assign first-response actions or train the system to apply the selected first-response actions on the alerts containing specific characteristics.

  • Suppress Alerts: To manually suppress alerts, from the Suppress Alerts drop-down, select the required suppress action, and click Save.
  • Run Processes: To manually add a process definition, from the Run Processes section, click Add, select the required process definition and click Save.
  • Learned Configuration: To train the system to run first-response actions on the alerts, select Learned Configuration. This option applies to both the Suppress Alerts and Run Processes options.
Alert Attribute Actions

Selecting learned configuration

To apply the first-response actions using a training file or machine learning:

  1. Select Learned Configuration.
  2. To add a training file:
    1. Click Drop the training data file here, or browse to upload a training file.
      Note: One client can upload only one training file. Changing the training file affects all the learned policies of the client.
    2. Select the file from your local folder.
      After you upload the file, the Input and Output columns appear.
    3. Verify the Input and Output columns.
      Verify Input and Output Columns

    4. Click Continue to Model Training.
    5. Click Train Model. The accuracy of the trained first-response policy appears in the Summary section.
    6. Click Review and then click Save.
    7. Review the model accuracy.
    8. (Optional) Click Edit to modify the configuration if required.

The first response policy is created and appears on the First Response Policies page.

Created First Response Policies

Creating a partner-level first response policy

To set up a policy at the partner level:

  1. Go to Setup > Alerts > First Response.
  2. Specify Client Select. Do not select a client.
  3. Click +Add.
  4. Provide a name for the policy. For example: Partner policy suppress for 10 min.
  5. Verify the Policy Scope is PARTNER.
  6. For Client, specify either Include All Clients or Include Clients.
  7. Select a mode. For example: ON.
  8. Select Filter Criteria to specify the filter rules.
  9. From Policy Definition, specify Alert Pattern Actions and Alert Attribute Actions values.
  10. Click Save.

Note: Click the count displayed against Number of suppressions to view details.

New First Response Policy - Partner

Editing policies

To modify the details of an existing first response policy:

  1. Click the policy name.
  2. From the policy page, click Edit.
  3. From EDIT FIRST RESPONSE POLICY, edit the details as required.
  4. Click Save.

Deleting policies

To delete a policy that is no longer used:

  1. Select the checkbox adjacent to the policy and then click Delete.
  2. Click Yes on the confirmation window. The policy is deleted from the First Response Policies List.

Creating copies

To create a new policy using the details of an existing policy:

  1. From the First Response Policies page, select the checkbox adjacent to the policy and click the copy icon. The NEW FIRST RESPONSE POLICY page is displayed with the main policy details.
  2. Provide a unique name for the policy.
  3. Modify the details as required.
  4. Click Save.

The new policy is created and displayed under the First Response Policies List section.