Creating automation policies

Automation engineers create automation policies for a requested event by using a new event JSON, or for existing events saved in the database. Automation policies contain actions that connect with the automation applications supported by BMC Helix Intelligent Automation to perform remediation actions for events. A policy executes only if it is in a published state. You can also create a change request in BMC Helix ITSM as part of the policy execution. 

To create an automation policy

  1. In the BMC Helix Intelligent Automation console, go to Policies and click Create Automation Policy.
  2. In the Policy Information section, enter a unique name and an optional description for the policy. 
  3. Select the execution mode as Manual or Automatic depending upon whether you want to execute the policy manually or automatically based on the incoming events.

    Can I change the execution mode later?

    Yes, you can edit the policy and change the mode anytime.

  4. In the Trigger section, click Browse, and do one of the following:
    • From the Select Event Type tab, select an existing event type and click Done.
      The trigger condition from the event is listed in the following format: <eventCategory>: <eventName>.

      Why don't I see any existing event types to choose from?

      BMC Helix Intelligent Automation has not received any event from an event source such as BMC Helix Operations Management or BMC Helix Service Monitoring so far.

    • On the Paste Event JSON tab, enter the event information in the JSON format, and click Done.
    When you select an event, all parameters in the event appear in the right pane. 
  5. Click anywhere in the Trigger Condition box to start building the expression for a trigger condition, and use the suggested parameters, values, and operators to complete the expression.

    For sample expressions, see Trigger condition expression

  6. To add system or custom tags to the policy, perform the following steps:
    1. System tags: Select one or more tags from the list of available system tags. 
      Based on the event, some system tags are displayed.
    2. Custom tags: In the Tags (Optional) section, enter a key-value pair. 
      Tag key should start with an alphabet and end with an alphanumeric character. Key supports alphanumeric characters and periods, dashes, and underscores. 
  7. To create a change request as part of this policy, perform the following steps:
    1. If not enabled already, use the Enable change ticket creation toggle button and then click Modify to add change request values. 
    2. Select the appropriate values for the following fields and click Save

      1. Impact
      2. Urgency
      3. Company
      4. First Name: By default, first and last name of the logged-in user appears. 
        When you enter the first name, based on the selected company, the list of user names belonging to that company appear in a list in the <username-firstname-lastname> format. If there are multiple users with the same first name, you can select the correct user from the list. When you select the first name, the last name gets selected. 
      5. Last Name
      6. Description: By default, contains the name of the product, BMC Helix Intelligent Automation. The description is updated in the Summary field in the change request in BMC Helix ITSM. Ensure that the description is up to 100 characters only. 
        The selected values are displayed. When a change is created in BMC Helix ITSM, it will contain the values specified in the policy.

  8. To add action to the policy, click Add Action and perform the following steps using the action wizard:
    1. From the Pick an automation tool section, click the connector name.
      Only configured connectors are displayed here. The wizard takes you to the next step to select an action. 
    2. (For Ansible and TrueSight Orchestration only) Click Sync Actions
      All actions available in the selected connector appear. 
    3. Click Select against the action that you want to add to the policy.
      The wizard takes you to the next step to configure an action.
    4. Depending on the selected action, provide the information and click Done.


      Based on the selected event, the event slots with the values specified in the event appear under the Parameters section on the UI. You can click any of the parameters and its value gets copied. You can paste it while defining the action in the policy. 

      The added action appears in the Action Configuration section. You can add multiple actions in a policy. 

      Adding action for supported applications

      To add action for a specific automation application, see the following documentation for an example for each of the supported connections:

  9. In the Estimated Savings section, enter an approximate time (in minutes) and money (in USD) that you may save by automating the actions. 
  10. (Optional) Before you save a policy, do the following steps to test a policy to ensure that the event and the policy match and can be run later:

    1. Click Test Policy.
      You are prompted to save the policy. 

    2. Click Confirm.

    3. On the Test Inputs tab, enter parameter values for testing (if required by the policy being tested), and click Execute
      The results appear in the Test Results tab.
      If the policy test is successful, the policy instance is created and executed on the resource you provide during testing.

      Can I test a policy later?

      Yes, however, you need to change a policy status to draft and edit the policy to test it. BMC recommends that you test a policy while creating it.

  11. Select Publish Policy and click Save to publish the policy.

Trigger condition expression

To build a trigger condition expression, you can use the expression builder provided by BMC Helix Intelligent Automation  while creating an automation policy. To learn more, see Trigger condition

The following table lists sample conditions and the events that will match to those conditions.

Trigger conditionDescriptionSample matching event

"trigger_condition_expression": "$?((($.\"event\".\"sourceNodeID\" == 271878215 && $.\"event\".\"componentalias\" == \"\" || $.\"event\".\"location\" == null && $.\"event\".\"al_parameter_threshold\" == 1.5) || $.\"event\".\"source_identifier\" == \"02c30a2f- e092-ce81-e5f8-be21b57d9760//00092f62-824//a-11ec-b626-0e8f35be3981\" && $.\"event\".\"source_hostname\" == \"02c30a2f- e092-ce81-e5f8-be21b57d9760#00092f62-824a#11ec-b626-0e8f35be3981\") || $.\"event\".\"allow_operations\" == true)",

Matches any event with sourceNodeID that has the number 271878215, location as null, al_parameter_threshold as 1.5, and allow_operations as true  

"sourceNodeID": 271878215,
"componentalias": "",
"location": null,
"al_parameter_threshold": 1.5,
"source_identifier": "02c30a2f- e092-ce81-e5f8-be21b57d9760//00092f62-824//a-11ec-b626-0e8f35be3981",
"source_hostname": "02c30a2f- e092-ce81-e5f8-be21b57d9760#00092f62-824a#11ec-b626-0e8f35be3981",
"allow_operations": true

( tags.event_type == "IDLE_VM_RECOMMENDATION" )Matches any event with event_type having value, IDLE_VM_RECOMMENDATION{
  "tags": {
( tags.event_type == OVERALLOCATED_CONTAINER_RECOMMENDATION ) && ( tags.platform == kubernetes )Matches any event with event_type having value, OVERALLOCATED_CONTAINER_RECOMMENDATION and platform having value, kubernetes.

  "tags": {
    "platform""kubernetes", "event_type""OVERALLOCATED_CONTAINER_RECOMMENDATION "

( event.eventID == '749f50e3-015f-44b0-9acc-c737c337af4a' ) || ( event.userIdentity.type != 'AWSService' ) && ( event.resources[*].accountId == '262766734334' )

Matches any event with eventID having value, 749f50e3-015f-44b0-9acc-c737c337af4a or event.userIdentity.type not equal to AWSService and event.resources[*].accountId having value, 262766734334.


"eventVersion": "1.05",

"userIdentity": {

"type": "AWSService",

"invokedBy": ""


"eventTime": "2020-08-07T13:29:01Z",

"eventSource": "",

"eventName": "GenerateDataKey",

"awsRegion": "us-east-1",

"sourceIPAddress": "",

"userAgent": "",

"requestParameters": {

"keyId": "arn:aws:kms:us-east-1:262766734334:key/8c98fc0d-ed8d-4b52-a3b1-4b5df006c5c6",

"keySpec": "AES_256",

"encryptionContext": {

"aws:cloudtrail:arn": "arn:aws:cloudtrail:us-east-1:262766734334:trail/all-security-events",

"aws:s3:arn": "arn:aws:s3:::security-event-log/secops/AWSLogs/262766734334/CloudTrail/us-east-1/2020/08/07/262766734334_CloudTrail_us-east-1_20200807T1320Z_lV0WaHLWquJdkQpK.json.gz"



"responseElements": null,

"requestID": "f28e9855-fc86-4d62-a1a2-0876fe1399ea",

"eventID": "749f50e3-015f-44b0-9acc-c737c337af4a",

"readOnly": true,

"resources": [


"accountId": "262766734334",

"type": "AWS::KMS::Key",

"ARN": "arn:aws:kms:us-east-1:262766734334:key/8c98fc0d-ed8d-4b52-a3b1-4b5df006c5c6"



"eventType": "AwsApiCall",

"recipientAccountId": "262766734334",

"sharedEventID": "1209b4c9-33f6-4244-8edd-008d4198744f"


Where to go from here

After successfully creating policies, you can view the automation policies in the console, see Viewing, editing, and copying automation policies

Was this page helpful? Yes No Submitting... Thank you