Hey Adam,
Curious if there's a configuration file or something I can do on my end to enable Severities other than CRITICAL?
Mark Sanchez // Firewall Engineer II *deepwatch*
On Thu, May 7, 2020 at 10:11 AM Rick Heil rheil@mergeworld.com wrote:
Same here. Our alerting process is based on "can wait till morning" and "oh my god GET UP RIGHT NOW". Would be great to be able to have the criticality have some sort of low/medium/high selector in the UI, we can take care of structuring the logic for different thresholds manually by just creating a few additional alert checkers and categorizing them as appropriate.
R
On Thu, May 7, 2020 at 6:52 AM Mark Sanchez via observium <observium@observium.org> wrote:
Yes, as simple as that is - it would greatly help our implementation, keep things straightforward in the UI, instead of workarounds like looking for tags in the description.
Kind Regards, Mark Sanchez
On May 6, 2020, at 11:09 PM, Adam Armstrong via observium <observium@observium.org> wrote:
Do you mean in so much as just setting an alert checker to be a severity, so you can use that bit of meta data elsewhere?
Like I mentioned earlier, the reason I’d not implemented that already is because that always seemed a little simplistic to me, like there was a gotcha scenario just waiting to appear.
Adam.
On 6 May 2020, at 22:08, Ryan, Spencer J. via observium <observium@observium.org> wrote:
I agree being able to set the priority would be good. Many downstream notification systems can have their own routing logic based on severity, time of day, etc.
*From:* observium [mailto:observium-bounces@observium.org] *On Behalf Of* Mark Sanchez via observium
*Sent:* Wednesday, May 6, 2020 2:28 PM
*To:* Observium
*Cc:* Mark Sanchez
*Subject:* Re: [Observium] Reoccuring Scheduled Maintenance
We have set up our ticket platform (ServiceNow) to use the severity sent over, which has been critical for everything.
I like the idea of having it in the UI as a configurable field, which makes scaling this better/easier.
If this is something you plan to do, please let me know an ETA - it might save from bandaid-ing the way you mentioned.
Thanks Adam.
Kind Regards, Mark Sanchez
On May 6, 2020, at 2:21 PM, Adam Armstrong via observium <observium@observium.org> wrote:
If I was to add severities, it’d probably be in the form of multiple tests so an individual checker can return different severity levels.
I’m not sure I understand the need otherwise, except as a manual field you can set in an alert checker and have that passed through in an alert. This can easily be done by just putting some text in the alert checker description.
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium