The Correlation Action Manager allows you to configure the following types of actions:
- Configure a Correlated Event
- Add to Dynamic List
- Remove from Dynamic List
- Execute a Command
- Send an Email
- Create an Incident
Each action type has a set of configurable parameters.
One or more of these action types can be associated with a correlation rule when the rule is deployed. If none of these action types is selected, a correlated event is created by default. When a default correlated event is triggered, it has the following values:
| Field Name | Default Values |
|---|---|
| Severity | 4 |
| Event Name | CorrelatedEvent |
| Message | <empty> |
| Resource | Correlation |
| SubResource | <Rule Name> |