How do I create a custom incident?

To create a custom incident

Example custom incident

An Incident allows you to track ongoing situations in your network, as determined by its associated events. Learn more about Incidents.

To create a custom incident:

Incidents are configured from the Incidents tab of the Event Administration page.

1. Navigate to the Event Administration page, and then click the Incidents tab.
2. Click Add. This will open the New Incident window, which has the following fields:

   Field Name	Field Description
   Name	incident name displayed in ENA.
   enabled	when ticked, the incident can be raised in ENA.
   Description	description of the incident.
   Opened By Any Of	each row shows an event type and its source, which can open the incident. click Add to open the Event Type Selection dialog. Select an event Type and its Target. By default, Target is set to 'source', which causes ENA to raise incidents against the same source as the event. You can define an expression to set a different source, e.g. for a port event raising the incident against its device, enter source.device. highlight a row and click Delete to remove from the incident definition.
   Updated By	each row shows an event type and its source, which can update the incident. click Add to open the Event Type Selection dialog. Select an event Type and its Target. By default, Target is set to 'source', which causes ENA to raise incidents against the same source as the event. You can define an expression to set a different source, e.g. for a port event raising the incident against its device, enter source.device. highlight a row and click Delete to remove from the incident definition.
   Closed By Any Of	each row shows an event type and its source, which can close the incident. click Add to open the Event Type Selection dialog. Select an event Type and its Target. By default, Target is set to 'source', which causes ENA to raise incidents against the same source as the event. You can define an expression to set a different source, e.g. for a port event raising the incident against its device, enter source.device. highlight a row and click Delete to remove from the incident definition.
   Update incident details	control how ENA updates the incident, either: Update severity and details to match the most recent event. Use the severity and details of the most severe event.
   Age Out	time period during which if the incident state is not updated, the incident ages out and is closed. If the issue on the object recurs and ENA raises another opening event within the set Expiry period, ENA also reopens the original incident.
   Expiry	time period during which the closed incident state can be reopened if the issue on the object recurs and ENA raises another opening event. After the expiry period, if the issue on the object recurs and ENA raises another opening event, then ENA will open a new incident.

3. Click OK to save your custom incident, otherwise click Cancel.

Example custom incident:

Incidents are configured from the Incidents tab of the Event Administration page. The following example creates a new SNMP failure incident that:

• Is raised when one of any three specified SNMP events occur.
• Is closed when an SNMP Agent Responding event is raised on the same source as the opening events.
• Ages out after 20 minutes and expires after 60 minutes.
• Includes two triggers:
  • A derived event which is generated when the incident is open five minutes after it is raised, i.e. State Precondition is set to five minutes.
  • An email which is sent two seconds after the incident is raised.

To create the example incident:

1. Click the Main Menu > Administration.
2. On the Entuity Administration page, click Event Administration.
3. Click the Incidents tab and then Add.
4. Define the incident general details. Enter:
   • A meaningful name and description of the incident.
   • In Opened By Any Of click Add, highlight an event and then click OK to add an opening event type. Repeat this for the three event types.
   • In Updated By, you can add events that update the state of the incident. For example, you can select an event that, if raised against the source object, indicates an escalation in the problem.
   • In Closed By Any Of click Add, highlight the SNMP Agent Responding event type and then click OK to add the incident closing event.
   • A 20 minute Age Out and 60 minute Expiry times for the incident.
   • When you want to use the incident ensure you have selected enabled.
5. Click the Triggers tab and then Add the email notification and derived event triggers.
6. Define the email notification trigger details and test condition:
   • Enter a meaningful name and description.
   • Set Delay to 2 seconds.
   • Set Condition to All Tests must succeed. Click Add and define the test by setting Type to Variable Test, selecting the email_boolean_send_control variable, Operations to equals and Value to ’true’.
7. In Actions define the email action. Click Add and define the action in:
   • Type select Send e-mail.
   • Parameters highlight recipients, click Set and then Choose. Set Value Kind to Variable Reference and Variable to the email_network_admin variable.
   • Parameters complete the subject and body parameters.
8. Click OK to create the trigger.
9. Define the derived event trigger details and test condition:
   • Enter a meaningful name and description.
   • Set Delay to 5 minutes.
10. In Actions define the create event action. Click Add and define the action in:
    • Type select Create event.
    • Event Type select the event type on which you want to base the new event.
    • Attributes click Add and then define the new event attributes, for example select name to rename the event.
11. Close and save your changes by clicking OK to the open Event Management System dialogs.
12. Your changes are not applied to the Event Management System until you save and deploy the project. Click the Save and Deploy icon, enter a meaningful description of your updates and click OK.