Alarm Policies

The main Alarm Policies configuration page displays an overview of all current Policy settings in table format. It can be used to manage settings for individual Alarm Policies.

Hint

To apply filters to or export the information in the table, click the corresponding button to see available options.

The table lists the following information for each Alarm Policy:

  • State (green: Active, blue: Store, grey: Inactive)

  • Source Flow Analytics algorithm

  • Category

  • Total number of violations

  • Number of Exporters being monitored for violations

  • Event aggregation timeout

  • Weight

Clicking a name opens the configuration tray for that Alarm Policy, where the state (Active, Store, or Inactive) and other settings can be configured. Notification Profiles can also be assigned to the Policy from this tray.

Notification Profile settings

When Notification Profiles are assigned to an Alarm Policy, their behavior can be further customized using the following options:

Frequency
Specifies how often the actions specified in the Notification Profile are triggered
Each Observation - Actions are triggered every time observed traffic meets the conditions of the Alarm Policy, regardless of duration.
Rate - Actions are triggered every Nth Event with the exact same criteria.
Each Event - Actions are triggered for every Event (aggregated observations based on the Policy’s Timeout setting) reported under the Alarm Policy.

Notification Filter
Allows Event details (e.g., violators, devices, message contents) to be used as conditions to trigger or bypass notification actions.
If no filters are specified, notification actions will be triggered for all observations and/or Events under the Alarm Policy.

Hint

When setting up notification inclusions or exclusions for observations/Events matching certain criteria, use the Alarm Monitor page to drill down into the Policy -> Event -> Observations views to see which details should be applied as filters.

To add separate notification configurations for different observation/Event criteria, assign multiple Notification Profiles to the Alarm Policy. The same Notification Profile can also be added multiple times with different frequency settings and/or filters.

Important

The frequency setting for each Notification Profile assignment is applied to all notification actions enabled by the configured filters.

For further details on how Alarms work and configuration recommendations, see the Alarms and Events configuration guide.