Edit triggers

Security Requirements and Controls

  • Update triggers permission

Edit existing triggers as needed to adjust properties.

Note

You cannot switch between trigger types once the trigger is created. To recreate a trigger as a different type, duplicate the trigger and change the type. For more information, see Duplicate Trigger.

  1. Go to the Automation tab to see the full list of triggers saved in the repository or view.

  2. Click on the name of the trigger to edit.

  3. Change the properties in the Properties panel — for example, you can add a description of the trigger or change the time window. For the full list of the properties that can be modified in an existing trigger, see Trigger properties.

  4. To edit the current trigger query, click Edit in search page under Query:

    Edit Query

    Figure 197. Edit Query


  5. You are redirected back to the Search environment in Editing trigger mode, where you can select fields and refine your query.

    Screenshot showing the UI Editing trigger mode

    Figure 198. Edit Query from the Search Page


  6. Click Save to save the new query, or Discard changes to cancel any edits you have made. Saving the edited trigger will create and, if necessary, restart the alert query.