Forum Discussion
Solved
Prevent alert grouping from changing severity?
Greetings
I have a situation where an automation rule, as I understand it, doesn't have effect or isn't triggering. I need some help figuring out if I've missed something. My end goal is to prevent alert grouping for an incident from changing the incident severity that has been set by a preceeding automation rule.
I have an example below where an incident has been created with one alert, an indicent update automation triggers when a certain incident tag is added and changes the severity to low. After that change another alert is added with the severity high which changes the severity of the incident to high which is not the intended logic.
I have therefore created the below automation which, in my thinking, would run late in the process and prevent the alert grouping update task from setting the severity. But this automation rule never seems to trigger, or at least the incident severity is never changed back to the original severity.
Can my logic be achieved in any other way? Like is there a global switch that would prevent all alert groupings from changing the incident severity?
/Fredrik
- It looks like you are checking for two different values for the Severity: "Changed to High" and "Equals Low" which are mutually exclusive so the rule would not fire.
- GBushey
Microsoft
It looks like you are checking for two different values for the Severity: "Changed to High" and "Equals Low" which are mutually exclusive so the rule would not fire.
