Mapping severity of external applications to the cell severity


Through this feature, external applications are not required to do any mapping; you define the mapping once in the cell and the cell does the required mapping. You can define the mapping for the event class through the Administrator console or through mposter.

The cell uses the mc_origin_sev slot of the event and sets the severity slot of the event.

The cell KB contains a data class to store the origin class and all possible custom severities.

Class name: DEFAULT_PROVIDERS_SEV
provider_class: STRING;
severity: STRING;

The DEFAULT_PROVIDERS_SEV class contains out-of-the-box values for all common integrations. To add a new custom severity for any class, add a data instance of DEFAULT_PROVIDERS_SEV using mposter or through the Administrator console.

To add a data instance from the Administrator console

  1. Log on to the Administrator console and access the Dynamic Data Editor tab.

  2. On the left pane, select Severity Map and click Add data instance. Select a value from the Event Generators field, and then set the Origin Severity and the Mapped Cell Severity.
  3. Click OK to save the mapped severity.

To add a data instance using mposter

Example:

mposter -n pncell_<cell name> -d -a SEVERITY_MAP -b "origin_class=ITDA_Event;origin_sev=ERROR;mapped_sev=CRITICAL"

In this example, an event of origin_class ITDA_Event with origin_sev as ERROR is mapped in the cell to CRITICAL severity.
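
The following is an added example, not part of the product documentation: a dry-run shell helper that builds the SEVERITY_MAP mposter command shown above from a list of mappings, rejecting any value that would break the semicolon-separated -b string or that is not a cell severity. The severity list, the helper names, and the pncell_demo cell name are assumptions; the commands are only printed, never executed.

```shell
#!/bin/sh
# Added example: dry-run generator for SEVERITY_MAP mposter commands.
# Assumption: the cell severities are the values below; adjust to your KB.
CELL_SEVERITIES="UNKNOWN OK INFO WARNING MINOR MAJOR CRITICAL"

# valid_token VALUE: accept only characters that cannot alter the -b slot string
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;   # empty, or contains ; = " space etc.
        *) return 0 ;;
    esac
}

# build_sev_map_cmd CELL ORIGIN_CLASS ORIGIN_SEV MAPPED_SEV
# Prints the mposter command on stdout; returns 1 and prints no command on bad input.
build_sev_map_cmd() {
    cell=$1; origin_class=$2; origin_sev=$3; mapped_sev=$4
    for v in "$cell" "$origin_class" "$origin_sev" "$mapped_sev"; do
        valid_token "$v" || { echo "rejected value: $v" >&2; return 1; }
    done
    case " $CELL_SEVERITIES " in
        *" $mapped_sev "*) ;;
        *) echo "not a cell severity: $mapped_sev" >&2; return 1 ;;
    esac
    printf 'mposter -n %s -d -a SEVERITY_MAP -b "origin_class=%s;origin_sev=%s;mapped_sev=%s"\n' \
        "$cell" "$origin_class" "$origin_sev" "$mapped_sev"
}

# build_all CELL: reads "origin_class origin_sev mapped_sev" lines from stdin,
# prints one command per valid line, and returns the number of rejected lines.
build_all() {
    bad=0
    while read -r oc os ms; do
        [ -z "$oc" ] && continue
        build_sev_map_cmd "$1" "$oc" "$os" "$ms" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample input: one valid mapping, one unknown severity, one injected slot.
build_all pncell_demo <<'EOF' || echo "$? line(s) rejected" >&2
ITDA_Event ERROR CRITICAL
PATROL_EV STATE_CHANGE FATAL
ITDA_Event ERROR;mapped_sev=OK CRITICAL
EOF
```

Review the printed commands before running them against a cell, and widen valid_token deliberately if your class or severity names need other characters.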

If you do not find your custom severity when defining the severity mapping through the Administrator console, add it using mposter:
mposter -n <cell name> -d -a DEFAULT_PROVIDERS_SEV -b "provider_class=<class name>;severity=<custom severity>"

For example, to add a custom severity for the PATROL_EV class:
mposter -n <cell name> -d -a DEFAULT_PROVIDERS_SEV -b "provider_class=PATROL_EV;severity=STATE_CHANGE"

If the custom severity is already present in the Administrator console severity map, you do not need to perform the above step.

 

 
