Page tree

Skip to end of metadata
Go to start of metadata

Through this feature, external applications are not required to do any mapping; you define the mapping once in the cell and the cell does the required mapping. You can define the mapping for the event class through the Administrator console or through mposter.

The cell uses the mc_origin_sev slot of the event and sets the severity slot of the event.

The cell KB contains a data class to store the origin class and all possible custom severities.

Class name: DEFAULT_PROVIDERS_SEV
provider_class: STRING;
severity: STRING;

The DEFAULT_PROVIDERS_SEV class contains out-of-the-box values for all common integrations. To add a new custom severity for any class, add data instance of DEFAULT_PROVIDERS_SEV using mposter or through the Administrator console.

Example:

To add data instance of severity mapping using mposter:

mposter -n pncell_<cell name> -d -a SEVERITY_MAP -b "origin_class= ITDA_Event;origin_sev=ERROR;mapped_sev=CRITICAL"

In this example, an event of origin_class ITDA_Event with origin_sev as ERROR is mapped in the cell to CRITICAL severity.

  • No labels