Introduction

We want to map "OS Type" attribute value to Alert "User Attribute1", this would be helpful to segregate Windows & Unix servers.

However, we don't get Input parameter "Name" in the Properties field while creating event enrichment policy. What is the best way to create & deploy an DB Enrichment Policy to query a DB table and update alert "User Attribute"?

Environment

SOI 3.2, 3.0 and 4.0

Instructions

Here is the procedure\steps to create and deploy an DB Event Enrichment policy to query "ca_ssa_compuersystem" table and fetch CI Attribute "c_primaryostype" and update Alert "User Attribute"

1) Search for a pattern in the Event Policy Editor, as shown below

<Please see attached file for image>

2) Name the Policy and select "Enrich Event" action

<Please see attached file for image>

3) Fill the Class Path and other fields including the table name from which we want to fetch these details

<Please see attached file for image>

4) Update Parameter Configuration

Input Parameter          Assigned Value

c_mdrelementid          ${pattern1.AlertedMdrElementID}

<Please see attached file for image>

Update "Enrichment Property Assignment" as shows above

5) Save & Deploy this policy to a connector like Universal or Spectrum connector

<Please see attached file for image>

6)

<Please see attached file for image>

7) The policy will trigger for alert matches above pattern and query "ca_ssa_computersystem" table, fetch "c_primaryostype" column value and update the alert "User Attribute1"

<Please see attached file for image>