Configure Actions and notifications
Unomaly responds to triggers and conditions in systems and situations based on the Actions that you define. When one of your systems goes offline or when the production environment produces significant anomalies, you want Unomaly to take action. This action can be to send an email to a specific user, to post to a team chat room, or to flag the event for later review.
Other examples of actions and conditions are:
- Flag, or display an alert in the web interface, for all situations that include events with a classification of “warning” or higher.
- Send an email to a specific user when Unomaly receives a certain known event more than once.
- Post messages to the team Slack channel when the production environment produces significant anomalous events.
- Run an external script when Unomaly detects events that are tagged with “security”.
- More complex logic, such as: Flag all situations that contain events tagged with “known security” and that also contain anomalies.
To post notifications to a team chat room or another external service, you need to create and configure a plugin that posts to that service. Unomaly ships with plugins for Slack and HipChat. See "Integrations and plugins".
Add a new action
1. Go to the "Actions" page and click "Create New" in the upper right.
2. In the “New Action” window, create an action by adding the conditions to match on specific systems or groups and defining the type of actions to execute.
Define the conditions to match
You can define one or more conditions for Unomaly to match against when triggering actions. Conditions are based on the state of a system or contents of a situation.
1. Click "Add condition".
After you select one of the conditions in the column, more options will appear to help you refine the condition.
Condition | Description |
---|---|
system is away | Select a predefined period of time "longer than normal" or a threshold in seconds to wait. |
situation has score | Specify the situation score, between 1 and 10. |
situation contains known | Select the known to match using the id, classification, or tag. |
situation contains anomaly | Select one or more types of anomalies to match. |
2. Click "Apply".
Select the systems or groups
1. Click "Add system".
Select the systems or groups to monitor for the conditions you defined. You can specify systems and groups by their id (name), or choose to match on any system.
2. Click "Apply".
Select the actions to execute
Click "Add action" to specify one or more actions to run when the conditions are met. Default actions include email notifications and alerts. You can also select actions from configured plugins, such as integrations with external services. If you have custom actions available, you can select them in this list.
Email notifications
To define an email notification:
1. Select "send email to".
2. Type in or select the email addresses to notify.
3. Click "Apply".
Note: If you did not configure the email server, your Unomaly instance cannot send notifications. See "Configure email capabilities".
Alerts
To define an alert:
1. Select "flag situation as alert for".
2. Specify the number of days to display an open alert.
An open alert displays as a red exclamation point on situations that match the defined conditions.
3. Click "Apply".
You can then review the situations that are flagged and close the alerts manually. Otherwise, the alerts will close automatically after the specified duration.
Action plugins
You can configure plugins to use with Unomaly actions. For example, you can use plugins to send notifications to external services, send an SMS to your phone, or run an external script. Unomaly ships with plugins for Slack, HipChat, Microsoft Teams, and others. See "Integrations and Plugins".
1. After you enable the plugin in Settings > Plugins, you can select it in the "Add actions" list.
If the plugin has configuration options, you will be prompted to fill out the information. For example, the Slack plugin will ask you to type in the channel you want to post to. This means that you can define actions to send your situations to different Slack channels.
2. Click "Apply".
Save the action
After you define the conditions and actions, click "Save" at the bottom right.
Actions are named automatically when you save them. The names are based on the predefined conditions.