About Rules
Last updated on 02 September, 2024
In Edwin AI, rules are used to add application logic to determine the outcome of a change made to particular data in the system. For example, you can set up rules to trigger certain actions when data is added, changed, or deleted from the system. Rules follow the logic ‘If this data is changed in a certain way, then the system reacts this way’.
Every rule is associated with an Action Group. To create a workflow, you start by creating an Action Group and defining the steps and actions it includes to achieve the desired goal. Then, you create a rule that defines when the associated actions should run. Edwin AI provides a set of default rules that run a certain set of actions when triggered.
A Rule has:
- A record type inherited from the associated Action Group.
- A rule type (automatic or interactive).
- A mandatory filter.
- An Action Group to run.
An Action Group has:
- A record type, for example, an event.
- A sequence of actions.
Types of Rules
Rules trigger the execution of an associated Action Group. There are two ways rules are triggered:
- Interactively from a user interface. For example, a user creating or closing an incident might trigger a rule for a certain outcome.
- Automatically through processing ingested events, machine learning, or integration records. For example, events that come into Edwin AI automatically trigger a rule to process events into deduplicated alerts.
Note: A rule is always associated with an Action. For more information, see About Action.
Automatic Rules
For this type of rule, the associated action groups are conditionally triggered when processing the following record types:
- event—event records ingested through Edwin AI integrations.
- ml—machine learning observations from the processing of alerts, for example, a correlation.
- sncIncident—incident records received from the Edwin AI ServiceNow integration (LMDX).
- sncCmdb—cmdb records received from the Edwin AI ServiceNow integration (LMDX).
Automatic rules trigger actions that do not require any user interaction. For example, automatically creating a new alert when a new event is received, or updating an existing open alert record when a duplicate event is received.
Interactive Rules
For this type of rule, the associated action groups are manually and conditionally triggered for the following record types:
- Alert
- Insight
Interactive rules expose actions to a dashboard when filter criteria are met. For example, exposing an Assign to me action to a user when the state of the selected alert is New.