We want to map "OS Type" attribute value to Alert "User Attribute1", this would be helpful to segregate Windows & Unix servers.
However, we don't get Input parameter "Name" in the Properties field while creating event enrichment policy. What is the best way to create & deploy an DB Enrichment Policy to query a DB table and update alert "User Attribute"?
SOI 3.2, 3.0 and 4.0
Here is the procedure\steps to create and deploy an DB Event Enrichment policy to query "ca_ssa_compuersystem" table and fetch CI Attribute "c_primaryostype" and update Alert "User Attribute"
1) Search for a pattern in the Event Policy Editor, as shown below
2) Name the Policy and select "Enrich Event" action
3) Fill the Class Path and other fields including the table name from which we want to fetch these details
4) Update Parameter Configuration
Input Parameter Assigned Value
Update "Enrichment Property Assignment" as shows above
5) Save & Deploy this policy to a connector like Universal or Spectrum connector
7) The policy will trigger for alert matches above pattern and query "ca_ssa_computersystem" table, fetch "c_primaryostype" column value and update the alert "User Attribute1"