Managing Actions
Security Requirements and Controls
Change triggers and actions
permission
Within the Actions
page, actions can be
created, deleted, exported, and duplicated.
To manage Actions, click the tab within a repository and select from the left menu. Actions are managed and organized according to the repository that the query is executed within. The main page displays a list of the configured actions for the repository, as shown in Actions Management Page
Figure 211. Actions Management Page
Existing actions can be searched by using the Find action... search box at the top of the page. The box will filter the list of available actions according to their name or type.
A new action can be created via the Creating Actions.
button. SeeClicking on one of the filter names, for example VictorOps above the list of available actions will filter the display to show only that type of action.
Clicking on the menu icon ⋮ to the right of an action performs the following actions on that action only:
Figure 212. Action Management Popup Menu
Duplicates the action and all the configuration parameters. See Duplicating an Action.
Exports an action and configuration information as a YAML file that can then be used as the basis for new actions.
Deletes an action, providing that action is not associated with an existing alert.See Deleting an Action.
Duplicating an Action
Security Requirements and Controls
Change triggers and actions
permission
Duplicating an action copies the entire configuration of an existing action to a new name. Either action can then be updated with different parameters, for example, updating the forwarding repository or changing the email template used for the action.
To duplicate an existing action:
Go to the Repository and Views page.
Select a Repository or View.
Click the
tab on the top bar of the User InterfaceSelect
from the menu on the leftLocate the action that will be duplicated, then click the menu icon ⋮ next to the action name and choose
The Duplicate action prompt will be displayed. Name the new duplicated item in the Name field. The name should not already exist.
Figure 213. Duplicating an Action Dialog
Click the
button. The new action should appear in the list.
When duplicating an item, the item is an exact copy of the original, including the configurations and settings, templates, and other parameters. The new action should be modified and associated with an alert or scheduled search before it can be used.
Exporting an Action
Security Requirements and Controls
Change triggers and actions
permission
Exporting an action saves the entire definition of an action to a YAML file on the client machine. The export action can then be used as the basis for new actions, or copied between clusters.
To export an action:
Go to the Repository and Views page.
Select a Repository or View.
Click the
tab on the top bar of the User InterfaceSelect
from the menu on the leftLocate the action that will be exported, then click the menu icon ⋮ next to the action name and choose
The operating system native dialogue for saving a file will be shown. Choose a location for the file, and a filename: the file will be saved with a
.yaml
extension.Click the
button: the action will be saved to the file on disk on the client machine.
The saved file contains a complete copy of the configuration information; enough to completely recreate the action.
Deleting an Action
Security Requirements and Controls
Change triggers and actions
permission
Deleting an action removes the action and configuration. An action that has been assigned to a working alert cannot be removed; the alerts must be edited to remove the actions and then the action can be deleted.
Hint
Before deleting, if you think you might need the action again, you can export the action to a YAML file. See Exporting an Action
To delete an action:
Go to the Repository and Views page.
Select a Repository or View.
Click the
tab on the top bar of the User InterfaceSelect
from the menu on the leftLocate the action that will be deleted, then click the menu icon ⋮ next to the action name and choose
The Delete action dialog will be presented to confirm the action deletion.
Figure 214. Deleting an Action Dialog
If the action is configured or assigned to a scheduled search or alert, an alert will be presented to show that the action could not be deleted. The action should be removed for any configured searches and alerts before you delete the action.