Predefined actions
Predefined actions perform some standard changes on alerts, like acknowledging the alert, assigning the alert, or modifying the severity of the alert.
Predefined actions are typically invoked from the right-click menu on entries in the Alert Viewer. You can also use predefined actions in the context of your own runbooks, for example to clear the related alert once all steps of the runbook have been performed successfully. Predefined actions may be used in fully-automated runbooks.
If you run an action (either from the actions table or as an automated step within a runbook) and no error occurs, then the resulting success message is not localized. Instead, an English message is displayed, so you can parse the output in a subsequent automated step of your runbook and proceed as appropriate. See the following table for the expected success message for each predefined action.
If you run an action and an error occurs, then whenever possible the output area displays a localized error message, for example: ARBA1102E Alert with ID '1234' does not exist. In some cases we receive just a generic message and wrap
it, for example: ARBA1103E Predefined action failed: 400: Bad Request. In those cases check if the values of the other parameters (like team or owner for action Assign owner to alert) are typed
correctly.
Predefined actions are immutable actions that exist after product installation. Each predefined action indicates that the action was last modified by user System. The modification date of a predefined action indicates when its source code was created or modified and is independent of the time when the product was installed.
You cannot create additional predefined actions. Similarly, you cannot copy, edit, test, or delete predefined actions.
The following table lists the existing predefined actions.
| Predefined action | Parameters | Expected output |
|---|---|---|
| Acknowledge alert | alert: ID of the alert to be acknowledged |
Alert acknowledged |
| De-Acknowledge alert | alert: ID of the alert to be de-acknowledged |
Alert deacknowledged |
| Assign owner to alert | alert: ID of the alert to be assigned; team: Name of the user group to be assigned to the alert (the user who performs this action must be a member of that particular user group; use the value - (hyphen)
to set the team to "unassigned"); owner: User ID of the owner to be assigned to the alert (use the value - (hyphen) to set the owner to "unassigned") |
Alert assigned |
| Update severity of alert | alert: ID of the alert to be changed; severity: New severity (choose from enumeration) |
Alert severity updated |
| Suppress alert | alert: ID of the alert to be suppressed |
Alert suppressed |
| De-Suppress alert | alert: ID of the alert to be de-suppressed |
Alert desuppressed |
| Clear alert | alert: ID of the alert to be cleared |
Alert cleared |