DB enrichment examples to update UserAttributes

Document ID : KB000039817
Last Modified Date : 14/02/2018

Introduction

We want to map the "OS Type" attribute value to the Alert "User Attribute1", which helps to segregate Windows and Unix servers.

However, the input parameter "Name" is not available in the Properties field when creating an event enrichment policy. What is the best way to create and deploy a DB Enrichment Policy that queries a DB table and updates the alert "User Attribute"?

Environment

SOI 3.2, 3.0 and 4.0

Instructions

Here is the procedure to create and deploy a DB Event Enrichment policy that queries the "ca_ssa_computersystem" table, fetches the CI attribute "c_primaryostype" and updates the alert "User Attribute":

1) Search for a pattern in the Event Policy Editor, as shown below

1.png

2) Name the Policy and select "Enrich Event" action

2.png

3) Fill the Class Path and other fields including the table name from which we want to fetch these details

3.png

4) Update Parameter Configuration

Input Parameter          Assigned Value

c_mdrelementid          ${pattern1.AlertedMdrElementID}

4.png

Update "Enrichment Property Assignment" as shown above

5) Save & Deploy this policy to a connector like Universal or Spectrum connector

5.png

6)

6.png

7) The policy triggers for alerts that match the above pattern, queries the "ca_ssa_computersystem" table, fetches the "c_primaryostype" column value and updates the alert "User Attribute1"

7.png
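
Before deploying, the lookup can be checked directly in the database. The queries below are an added example, not part of the original article; they assume read access to the database that holds the table, use only the table and column names from the steps above, and use '<AlertedMdrElementID>' as a placeholder for a value taken from a real alert.

```sql
-- Added example: read-only checks against the lookup table named in the steps above.
-- '<AlertedMdrElementID>' is a placeholder, not a real identifier.

-- 1. The lookup the policy performs for one alert: key in, OS type out.
SELECT c_mdrelementid, c_primaryostype
FROM ca_ssa_computersystem
WHERE c_mdrelementid = '<AlertedMdrElementID>';

-- 2. Which values will end up in User Attribute1, and how often.
--    Useful for confirming the strings that separate Windows from Unix servers.
SELECT c_primaryostype, COUNT(*) AS ci_count
FROM ca_ssa_computersystem
GROUP BY c_primaryostype
ORDER BY ci_count DESC;

-- 3. CIs for which the lookup returns no OS type to write.
SELECT c_mdrelementid
FROM ca_ssa_computersystem
WHERE c_primaryostype IS NULL;

-- 4. Keys that match more than one row, where the lookup result is ambiguous.
SELECT c_mdrelementid, COUNT(*) AS row_count
FROM ca_ssa_computersystem
GROUP BY c_mdrelementid
HAVING COUNT(*) > 1;
```

If query 1 returns no row for an alert's element ID, the cause lies in the table data or the key value, not in the policy definition.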