Automation and Trigger Overview

AutomationsClosed Automated procedures that are executed as the result of a trigger. Automations consist of a single entry point and a sequence of connected nodes that define the processing logic. associate triggersClosed A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device. with runbooksClosed An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook., causing a runbook to execute an investigation in response to a trigger, based on user-defined conditional criteria. Automations are used for all trigger categories (new incidentClosed A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself., incident lifecycle, and external) and all of their constituent trigger types.

Automations are managed using the Automation Management page:

Navigate to the Automation Management page:

  1. Click the Launchpad button ⁝⁝⁝.
  2. Click AI OpsAutomations.
  3. In the Management page, click the Hamburger Icon, then click Automation Management.

Each automation comprises these components, which are defined using the Add an Automation wizard:

  • Trigger: The occurrence to be investigated or recorded.

  • Condition: The user-defined criteria that determines when a runbookClosed An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook. will execute in response to the trigger.

  • Runbook: The automated investigation to be executed in response to the trigger.

  • Order of execution: The automation's precedence for its trigger type. Each automation must have a unique Order number for the trigger type; you cannot have two or more automations for a trigger type with the same Order number. If you create a new automation and assign it Order 1, all existing automations for that trigger type will be decreased in order (i.e., the previous Order 1 will become Order 2, and so forth down the list for that trigger type).
    The first automation that is matched for an incident or lifecycle trigger, according to the defined condition, is the automation that will execute for that trigger type. This means that, when more than one automation is defined for a trigger type, the first in order should have extremely specific and restrictive conditional criteria, with successive automations having increasingly broad and permissive conditional criteria.

See the Automation Overview video for a narrated tour of the Automation Management page.