Configuring Correlation Policies

Learn more on how you setup correlation policy to generate Situations from signals.

Use rules, signal responses, and remediation to build a Correlation policy. Users can create Correlation Policies at domain or organization or tenant levels. Refer this documentation on how a correlation policy works.

Note: The correlation rules offered by Resolution Intelligence Cloud do not include the OpsRamp's correlated signals.

Order of Precendence

By default, some correlation policies exist at organization level. These default policies can be pushed to their tenants if they would prefer to use them. However, you can override them by creating new policies at tenant level. The order of execution of correlation policy starts at tenant, followed by organization and then domain.

User Permissions

• Global Administrators
• Account Owners
• Configuration Managers

To add a Correlation Policy,

1. Click  the gear icon at the top (or) hover over  icon at the top left corner.

2. In the bottom of the left menu, click Configurations.

3. In the left menu, under Signal Management, click Correlation Polices.
   You will be navigated to the Correlation Policies page.

4. Click Create New Policy on the top right corner of your screen.
5. Enter Correlation Name.
6. Under Situation Title,  
   • Check box left to preserve the existing Situation title for signals correlated using this policy or it will be overridden: This option allows you to use the existing Situation title instead of creating a new title for the incoming signals.  (Or)
   • Use the following options, if you would prefer to create a new title.
     • In the Situation Title field, enter a suitable title.  
     • Click Add Macro.
       A window opens on your screen.
     • Select an option from the dropdown list.
       When multiple signals are associated with a Situation, assigning single signal attribute becomes impossible. Macros play a vital role in incorporating several attributes from all correlated signals into a Situation subject
       
       • "cited" - The selected field value will be added to the subject. You can manage the number of values to include using the "Number of items" field.
       • "count" - displays the count of the selected attribute in the subject.
       • "to_list" - The selected field value will be appended to the subject.
       • "top" -  adds the top three selected field values to the subject.
       • "unique" - includes the unique values of the selected field in the subject.
       • "unique_count" - adds the count of unique values of the selected field to the subject.
     • Click Add Field. 
       A window appears on your screen.
     • Select an option from the dropdown list. Then, click Add Macro.

7. Click +Add Condition or +Add Group to enable matching conditions.

• • Construct the condition expression for the correaltion policy. Select a field and operator from the drop-down lists. For the value, select a value from the drop-down list or enter it manually, depending on the field type. The condition is used to determine the records to which the rule will apply.
  • A condition expression can consist of several phrases, joined by an And or Or. For each phrase, select a field, operator, and value. Click the   button to add an additional row. Use the parentheses and And/Or options to join the phrases together to form a condition expression.

8. Click Add Fields to Correlate.
    A window opens on the screen.

       a. Select an appropriate field from the dropdown list to which you want to apply correlation.

b. In Key field, enter a key (for example, Tag) 
Note: Key field is applicable for Asset tag only

c. Check the radio buttons left to any one of the below options appropriately

• • • Should exactly match with a signal in open ticket: Correlation happens when a given keyword matches with the existing signals in the open ticket.
    • Should ______ : Correlation happens when any one of the below options match with given values. 
      • Start with
      • Not start with
      • Match
      • Not match
      • End with
      • Not end with
      • Contain word(s)
      • Not contain word(s)

For example, Key "sample tag" starts with "test1".

Note: The Add Fields to Correlate supports AND operation only.

    9. Under Correlation Time Window, 

a. Select Window Type from the dropdown menu.

• • Fixed: After a fixed time, correlation of signals stops.
  • Sliding: Time window moves with the addition of new signal or instance.
  • Open Signal: No time window is given

 b. Select Type from the dropdown menu.

• • Days
  • Hours
  • Minutes

10. Enable Rule Isolation, if you would like to isolate the rule that you have created.
When Rule isolation is enabled, an ActOn or Situation will exclusively consider signals correlated by these rules alone. Rule isolation refers to a configuration or setting that restricts the correlation of signals within a specific rule or set of rules.

11. Click Create Correlation.

Importing a Correlation Policy

Resolution Intelligence enables you to either create a new policy (set of rules) or import rules from Account Hierarchy or from a JSON file. The tenant users can import the default rules that are defined for their respective organization or domain. 

To import rules,

1. Navigate to Configurations --> Correlation Policy.
2. Hover over button and select appropriate option from dropdown list.
   • From Account Hierarchy
   • From JSON
3. Select From Account Hierarchy.
   A window appears on screen.
4. Select existing rules from Organization or Domain.
5. Click Proceed to Summary and then click Submit. Your rules will be uploaded successfully.
6. If you select From JSON, a dialog box appears on screen.
7. Select your file and click Open. Your JSON file will be uploaded.

Once you have created a correlation policy, by default, it is listed under the Active Rules UI where you can Edit, Sort, Delete, Disable, and View the rules that are configured successfully.