

Example: Send an Alert that Runs an IT PAM Process Per Row

You can send an alert that runs the CA IT PAM event/alert output process per row or per query. This example illustrates the procedure of running the process per row. It includes an example of what can be viewed for this type of alert by personnel working with both CA IT PAM and the third-party product to which CA IT PAM sends the details.

Prior to creating an alert to run an IT PAM process for a given query, it is a good practice to identify the CEG columns that return data. These columns are the ones to select when creating a summary and description statement for the alert.

Note: Copy the query and click the Query Columns step. For fields designed to be visible, notice the column name corresponding to the display name. For example, the CEG field used to populate the Account column is dest_username.

For each display name, the column name is listed, where visible is checked.

To create an alert when a default account member logs in successfully

  1. Click the Alert Management tab and then click the Alert Scheduling subtab.
  2. Click Schedule an Action Alert.

    The Schedule Action Alerts wizard appears.

  3. Complete the Alert Selection step as follows:
    1. Enter the job name, for example, Default Account Logins.
    2. Click the Action Alerts tag.
    3. Select the Successful Login by Default Account in last 24 hours query and move it to the Selected Queries list.

      Complete the alert selection by adding the query to the tag.

  4. Select a date range for running the query and the maximum number of rows to display.
    1. Click Result Conditions.
    2. Select a date range such as 'now' and 'now' '-1 hours'.
    3. Select result display parameters such as row limit of 10 and time granularity as event_datetime.
    4. Skip grouped events.
  5. Define the schedule.
  6. Define the alert data to pass to the IT PAM process along with the event data retrieved by the query.
    1. Click the Destination step.
    2. Select the IT PAM Process tab.
    3. Select Successful Login by Default Account in the last 24 hours.
    4. Select Run IT PAM process per row.
    5. If the configured IT PAM Process is not the one you want to run, change the path for IT PAM Process. The IT PAM process must contain the full path beginning with a forward slash (/).
    6. (Optional) Create a summary statement with literal text and variables. Here, the variables are derived from CEG fields when the collected data for a row is refined. Following is an example summary statement using variables.
      The (dest_username) account performed the (event_action) action on (dest_hostname)


      The first statement is created as follows:

      • Type the word, "The"
      • Select dest_username from the Select Field drop-down list, then click + next to the Summary field.
      • Type the phrase "account performed the"
      • Select event_action from the Select Field drop-down list, then click + next to the Summary field.
      • Type the phrase "action on"
      • Select dest_hostname from the Select Field drop-down list, then click + next to the Summary field.
    7. (Optional) Create a description with literal text and text derived from CEG fields. Select the desired field from the Select Field drop-down list and click +. For example:
      The (event_logname) log shows the result of (event_result) on (event_datetime)

      The (event_result) of the (event_action) is logged in the (event_logname) log.

      The (event_logname) log shows the (event_action) action had a result of (event_result).

    8. For Send field values as parameters, select each CEG field that the specified IT PAM process uses as a process parameter.

      Note: Since the selected process does not use any CEG field names as parameters, no fields are checked in this example. To determine if a custom process uses such parameters, view the Dataset tab in the CA IT PAM event/alert output process.
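The following added example (not part of this documentation or of CA ELM/CA IT PAM) models what the Destination step above produces for a per-row alert: it renders the page's summary and description statements for every row the query returns and flags template fields that return no data, the check recommended before writing statements. The query rows and column values are constructed sample data.

```python
import re
from typing import Dict, Iterable, List, Set

# Statement templates from the procedure; "(field)" names a CEG column.
SUMMARY = "The (dest_username) account performed the (event_action) action on (dest_hostname)"
DESCRIPTION = "The (event_logname) log shows the result of (event_result) on (event_datetime)"

# Constructed sample rows standing in for the "Successful Login by Default
# Account in last 24 hours" query result (not real query output).
ROWS: List[Dict[str, str]] = [
    {"dest_username": "Administrator", "event_action": "Login", "dest_hostname": "win-host-1",
     "event_logname": "Security", "event_result": "S", "event_datetime": "2024-03-01 09:00:00",
     "source_username": ""},
    {"dest_username": "root", "event_action": "Login", "dest_hostname": "lnx-host-2",
     "event_logname": "auth.log", "event_result": "S", "event_datetime": "2024-03-01 09:04:12",
     "source_username": ""},
]

FIELD_REF = re.compile(r"\(([a-z_]+)\)")

def columns_with_data(rows: Iterable[Dict[str, str]]) -> Set[str]:
    """The pre-check the page recommends: CEG columns that actually
    return data for this query (non-empty in at least one row)."""
    return {k for row in rows for k, v in row.items() if v}

def unpopulated_fields(template: str, rows: Iterable[Dict[str, str]]) -> List[str]:
    """Fields a template references that never return data; they would
    render as blanks in every alert sent to the IT PAM process."""
    populated = columns_with_data(rows)
    return [f for f in FIELD_REF.findall(template) if f not in populated]

def render(template: str, row: Dict[str, str]) -> str:
    """Replace each (ceg_field) with the row's value, blank if missing."""
    return FIELD_REF.sub(lambda m: row.get(m.group(1), ""), template)

def per_row_payloads(rows: List[Dict[str, str]], param_fields: Iterable[str] = ()) -> List[dict]:
    """'Run IT PAM process per row': one process start per returned row,
    each carrying its own summary, description and selected parameters."""
    return [{"summary": render(SUMMARY, row),
             "description": render(DESCRIPTION, row),
             "params": {f: row.get(f, "") for f in param_fields}} for row in rows]

if __name__ == "__main__":
    print(unpopulated_fields("Accessed by (source_username)", ROWS))
    for payload in per_row_payloads(ROWS):
        print(payload["summary"])
```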


  7. Select a Server.
  8. Click Save and Close.
    The job appears on the Action Alert Jobs list.

    Example job result.

  9. Click Alert Management, Self-Monitoring Events to view results. A partial view of the information rows follows:

    Action, Result, and Result Description are displayed in this example.

  10. Click the Alert Management tab, Action Alerts subtab. Select the alert you scheduled to view query results.

    View the Default Accounts Logins details.

  11. Check the self-monitoring event tab for results returned from CA IT PAM.

    A partial example of a success message follows; this message appears in the self-monitoring events for the Report Server. Notice the ticket number following Results =.


  12. (Optional) Review the results on CA Service Desk as follows:
    1. Log on to CA Service Desk.
    2. Select Request and enter the issue number.
    3. Click the request number link to review the issue detail and summary information.

More information:

Guidelines for Creating an Event/Alert Output Process