Manage triggers

Security Requirements and Controls

  • Update triggers permission

Several options to manage triggers are available from the Triggers overview page.

  • To search existing triggers, use the Search... field. Search can be used for most fields from the trigger except Last triggered, Last executed, Last modified at, Backfill limit, Delay run, Max wait time, and Time window.

  • To filter the list of triggers, use the filter buttons for Status or Trigger type.

  • To create a new trigger, click + New trigger. For more information, see Create triggers.

  • To edit a trigger, click on an trigger name in the list. For more information, see Edit triggers.

  • To manage a trigger, click the menu icon and select one of the following options:

Screenshot showing the options for managing triggers

Figure 211. Manage triggers


  • Disable / Enable the trigger. This action requires the Update Triggers permission. There may be times when you want to disable an alert. You might do this, for instance, if you received a notification of an alert and need time to resolve the problem. You might want to disable the alert until it is resolved, so that it will not bother you while you work on it. You can re-enable it when you finish.

  • Show status is displayed when the trigger has a Warning, Error, or Disabled actions status — click this option to show the error and/or warning messages.

  • Clear status allows you to clear the status — if the problem reoccurs, the status appears again.

  • Duplicate the trigger. This action requires the Create Triggers permssion. Over time you will find that you have many triggers that are similar, but with slight deviations to their underlying queries. To make it easier to create a trigger that is similar to an existing one, you can duplicate it and then modify it.

  • Export as template for future reuse. This generates a YAML file that your browser downloads. If needed, edit this file with a simple text editor before using it later. You might export all of your triggers and keep a version history of changes by storing them on GitHub or elsewhere as a back-up, and to install them to your repositories from there.

  • Asset sharing

    Allows you to give another user or group access to read, edit, or delete triggers.

  • Delete the trigger. This action requires the Delete Triggers permission. The Delete action cannot be undone and you cannot restore a trigger.

For more details on monitoring the alert execution and the list of alerts on this page, see Monitor, diagnose, and troubleshoot triggers.

Permissions for triggers
Security Requirements and Controls

Sometimes you might want to collaborate with another user on a trigger, but that user does not have permission to triggers in the view. If you have permissions to do so, you can grant permissions to that user to edit and delete a particular trigger in a view. For more information about asset permissions, see Asset permissions.

If you do not have Change user access permission on the repository, you will see a list of users only (no groups) that already have at least Read permissions on the repository. You can select from these users and give them more permissions (up to the same permissions you have).

To grant access to edit or delete a trigger to another user or group:

Asset creator/Regular user

The creator of an asset and regular users can share the same permissions that they have to the asset with users who already have read access to the view. You cannot share access with users who do not have read access to the view. You cannot share access with groups at all.

  1. Click ⋮ next to the trigger you want to share and select Asset sharing.

  2. In the Users and groups with access window you see users who currently have access to the trigger and what access they have.

  3. Click Share scheduled search or Share alert.

  4. Click to select the user to get additional permissions. Note that you can only see users who already have read permission to the view. Click Next.

  5. Select the appropriate permissions to assign the permissions. Click Grant permissions.

You have Change user access permission

With Change user access permission, you can grant permission to users, including read permission if the user does not have that, and permissions that you do not have yourself. You can also see groups and group members and what permissions they have in the Groups tab, but you cannot change the permissions for the group in the Groups tab. To be able to change the permissions directly from the group tab, you must have Change organization permissions permission.

To grant additional permissions to a user that already has read access to the view:

  1. Click ⋮ next to the trigger you want to share and select Asset sharing.

  2. In the Users and groups with access window you see users who currently have access to the trigger and what access they have.

  3. Click the button next to the user or group in the list.

  4. Click to assign the permissions. Click Save changes.

  5. Click Close.

If you have the Change user access permission and you want to share permissions to the trigger with a user or group not in the list, or you want to give a group that is in the list additional permissions:

  1. Click Share scheduled search or Share alert.

  2. Click to select the group or user who should get additional permissions. Click Next.

  3. Select the appropriate permissions to assign. Be aware of the message that the user or group gets Read access to all assets in the repository automatically when assigning asset permissions for one asset in the repository. Click Next.

  4. Confirm that you understand that you are granting Read access to all assets in the repository by adding the asset permission for the user or group. Click Grant data read access.

  5. Click Grant permissions.