This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Alert grouping

Posted on 02-02-2022 08:23 AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

Good afternoon all!

I was wondering if one of the Siemplify Wizards in the community could help me out with alert grouping.

0 12 201
Topic Labels
0 Likes
12 REPLIES 12

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

We have an Exchange connector that pulls header data from attached .eml files within messages that get sent to a specific inbox. See below:

View files in slack

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

From there using a Visual Family configuration, we specify the headers values that should get assigned as entities:

View files in slack

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

Then in alert grouping we have the settings below:

View files in slack

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

But we are still seeing alerts that should be grouped together in separate cases. Does anyone know what I am doing wrong?

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi @Slinger James
Based on the third image the rule applies only to alerts with the EXACT name in the "Value" column.
The name contains an email address that might change from alert to alert.
This might be a reasons.
What do you think?

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

Hey @Jenya Shvetsov , thanks for replying. So the connector monitors that inbox specifically so any alerts that come in from that from that connector usually always come from that inbox.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

If the Alert Type is exactly the same in all those alert - then should be good.
Just something worth checking.
Also - I would try setting the Grouping Entities to a single entity first.

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

@Jenya Shvetsov
I see. Can you take a look at the config below and tell me if Siemplify should now properly group the alerts in order?

View files in slack

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

As you can see, I've changed the configuration so that anything from the Exchange connector should group by generic entity which is specified in the Visual Family configuration.

0 Likes

Posted on --/--/---- --:-- AM
Tomtomfridman
Staff
Reply posted on --/--/---- --:-- AM

@Slinger James

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

@Jenya Shvetsov
I see. Can you take a look at the config below and tell me if Siemplify should now properly group the alerts in order?

View files in slack

0 Likes

Posted on --/--/---- --:-- AM
Slinger_James
New Member
Reply posted on --/--/---- --:-- AM

Hey @Jenya Shvetsov , thanks for replying. So the connector monitors that inbox specifically so any alerts that come in from that from that connector usually always come from that inbox.

0 Likes
Top Solution Authors
View all