Defining event policies for enrichment, correlation, notification, and suppression
As an administrator, use event policies to process events and set up routine actions for event management quickly and easily. With these policies, you can define actions that must be run when events with specific conditions are generated.
Use event polices to perform the following actions to identify actionable events:
- Refine event information by performing event enrichment.
- Establish event relationships by correlating events.
- Filtering unwanted events by suppressing events.
- Generate event based notifications based on certain conditions.
Each event policy consists of the following details:
- The basic policy information such as the name, description, and precedence.
- An event selection criteria, which is the first filter based on which incoming events are selected for further processing.
- A time frame for the policy to be active.
- A built-in evaluation order for the different types of event policies configured.
- The configuration settings that define actions to determine how the events must be processed.
Except the evaluation order, you can configure these details while configuring an event policy.