Out-of-the-box event policies and templates

BMC Helix Operations Management executes the following out-of-the-box policies for event processing:

  • Predefined Enrichment Policy for Incident
  • Predefined Notification Policy for Incident
  • AlarmEventProcessing
  • AlarmEventCloseProcessing
  • AnomalyEventDuplicateProcessing
  • AnomalyEventCloseProcessing
  • SelfMonitoringEventDuplicateProcessing
  • SelfMonitoringEventCloseProcessing
  • IncidentinfoToOrgIncIdUpdateProcessing
  • incidentinfoEventDuplicateProcessing
  • LogAlertDuplicateProcessing
  • DynatraceEventsDuplicateProcessing
  • SituationEventDuplicateProcessing
  • PatrolEventsDuplicateProcessing
  • PatrolEventsCloseProcessing
  • PredictionEventClose
  • Drop Duplicate Events - BMC Helix Intelligent Integrations
  • Update Old Events - BMC Helix Intelligent Integrations
  • Update AWS CloudWatch Events - BMC Helix Intelligent Integrations
  • Update Azure Events - BMC Helix Intelligent Integrations
  • Update IBM Netcool Events - BMC Helix Intelligent Integrations
  • Close Old Catchpoint Events - BMC Helix Intelligent Integrations

Related topic

Integrating-with-BMC-Helix-ITSM-by-using-the-Integration-Service


The incident policies are executed when BMC Helix Operations Management is integrated with BMC Helix Integration Service. The deduplication policies deduplicate events to filter out unwanted and unnecessary events. For certain event policy types, you can use out-of-the-box policy templates that you can edit and customize.


Predefined Enrichment Policy for Incident

This policy is used for looking up CI information in BMC CMDB. It enriches the following slots based on the event class type. These slots fetch the CI ID, which is required for incident creation in BMC Helix IT Service Management.

  • Component Alias
  • CDM Class
  • Instance Name
  • Model Name

Important

This policy is invisible and you cannot edit it.


Predefined Notification Policy for Incident

This policy is applied in the following scenarios:

  • If the policy is not configured in BMC Helix Operations Management, the policy is automatically created and enabled. This policy is configured with severity as CRITICAL.
  • If the policy is configured in the system, but is not enabled, the policy is automatically enabled.
  • If the policy is configured in the system and is enabled, the system uses this policy for PSR integration.
  • If multiple notification policies for the incident are configured and enabled, the system processes incidents only according to the Predefined Notification Policy for Incident.

Important

You can edit the Predefined Notification Policy for Incident and change the event selection criteria.

For more information about editing the notification policy, see Creating-and-enabling-event-policies.


Event deduplication policies

Based on the dedup slots for event classes, events are deduplicated by using the out-of-the-box deduplication policies listed in the following table. A deduplication policy performs a lookup on existing unclosed events, drops the new event, and updates the existing event with the information from the new event.

Important

  • When deduplication policies run, the slot values of the existing event are updated with slot values of the duplicate event.
  • Event notes are enriched using  only the BMC Helix Intelligent Integrations policies. 
  • For out-of-the-box deduplication policies, if the _repeat_count of an existing event exceeds the default event processing limit of 1000, the following points apply:
    • The incoming event is discarded.
    • No event processing is allowed except for event closure on the existing event.


Event suppression policy

In a suppression policy, the event selection criteria determines which events are selected for suppression. The selected events are permanently dropped. Dropped events are not ingested and therefore not available on the Events page. Event notes are not enriched using this policy.


Event closure policy

In the closure policy, the event selection criteria determines which events are selected for closure. The selected events are permanently closed. Closed events remain in the system, and therefore available on the Events page. Event notes are enriched using this policy.

Out-of-the-box policy templates

Out-of-the-box policy templates with predefined event selection criteria are available that help you to process events and set up routine event-management actions. 

You can edit and customize an out-of-the-box policy template as per your requirement. However, if you choose a different class name, the predefined advanced enrichment configurations are reset. 

By default, the policy templates are disabled. Enable the policies after you edit them as per your requirement.

The following table describes the out-of-the-box policy templates and their predefined criteria: