Administration Guide › Action Alerts › Customizing Queries for Action Alerts
Customizing Queries for Action Alerts
Alerts are designed to notify the appropriate person, process, or product when a severe event occurs. When attempting to identify queries on which to base alerts, consider queries designed to retrieve events with a high security level.
After you identify the definitions for severe events, you can identify the queries that retrieve severe events. If queries do not exist, you can create them.
Consider the following process:
- Identify the event types that CA considers very severe, where event types are defined by category, class, action, and result.
- Identify predefined queries that are designed to retrieve only such events.
- Identify predefined queries that are designed to retrieve events that would include severe events, but could be customized to include only severe events.
- Create custom queries where predefined queries do not exist.
- Schedule alerts to run these queries frequently.
More information:
Identify the Simple Filter for Severe Events
Customize Queries to Retrieve Only Severe Events
Create a Query to Retrieve Only Severe Events
Copyright © 2013 CA.
All rights reserved.
|
|