Alert management rules tab

The Alert management rules tab displays the rules for managing alerts on the VMware NSX Network Detection and Response. There are two lists, one for all licenses (Customer-scoped rules) and one for specific licenses (License-scoped rules).

Events are matched against the user-defined filters contained in these rules. Matching events are converted to INFO events (Demote) in the User Portal, are deleted (Suppress), or are assigned a custom impact value based on the selected action.

Customer-scoped rules

The Customer-scoped rules list defines the alert rules for all your licenses.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

Click the plus icon to add a new alert rule. The Manage alert sidebar is displayed.

Customize the number of rows to be displayed. The default is 25 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

The list is sorted by last modified date and includes the following fields:

Rule name

The name of the alert rule.

Click the sort icon in the list header to sort the list by rule name.

Expression

The matching expression of the rule is a number of filters that are matched against events. The expression may be truncated if it is too long. Expand the row to display the full content of the rule by clicking the plus icon (or anywhere on the entry row).

Click the sort icon in the list header to sort the list by expression.

Rule action

The rule action defines what to do with an event that matches the expression: demote the event to INFO, suppress the event, or assign a custom impact value from 1 to 100. The action may be truncated if it is too long. Expand the row to display the full content of the rule by clicking the plus icon (or anywhere on the entry row).

The rule name is appended to the action as a custom tag, for example tag:network_event=rule_name.

Click the sort icon in the list header to sort the list by rule action.

Last modified

The date and time of the last modification of the rule.

Actions

Click the edit icon to view/edit the rule. The Manage alert sidebar opens to allow you to view or make changes to the rule.

Click the delete icon to remove the rule.

License-scoped rules

The License-scoped rules list defines the alert rules for a specific license. Select a License from the pull-down menu. The list and its features are the same as the Customer-scoped rules.

Note:

If a license-scoped rule has the same name as a customer-scoped rule, the license-scoped rule has precedence for the specific license. The customer-scoped rule will be marked to indicate that it has been overridden.

Expanded rule expression and action

When you expand the row, the Matching expression displays the full syntax of the rule and the Actions displays the details of the action to be performed on matching events.