The actions page allows you to set up an automatic workflow that occurs when behavior models are triggered. Actions can be assigned to specific behavior models in order to specify when alerts should be forwarded to any desired users.
Behavior actions define what actions should be performed when a certain behavior alert is triggered. Actions can be defined for multiple behavior models, and multiple actions can be defined for a set of behavior models. Clicking the “+ ACTION” button will redirect you to the form to create a behavior action.
The first field on this form is a description to describe what the action does. Next, select any desired lambdas. Lambdas can be used to perform more complex functions on an action. More details on how to use lambdas can be found in the “Lambdas” section below.
Next, select the behavior model(s) that this behavior action should apply to. Lastly, select the actions you want to apply to the behavior model(s).
Above is an example of an action. This action is written to act on the Event Interruption model set. When one of these behavior models is triggered, the “Notification-Default” action will be performed. More information on how to create these actions is detailed in the API Configuration section below.
Actors are external systems that can receive Fluency alerts and tickets. For some of these systems, Fluency is able to sync the status of tickets so that when tickets are closed or acknowledged on those sites, they are also closed or acknowledged on Fluency, or vice versa.
Click the “+ ACTOR” button to open a dropdown menu listing all the available actors. Fluency currently supports PagerDuty, Slack, SentinelOne, and Peplink integration.
Once an actor is selected, you will be redirected to a page where you will be given the option to name the actor. The only required field besides this is the token. Once this is inputted, you will be able to save the actor.
API configurations allow you to define an action. For example, an action with actor type “Email” will send an email to specified users when something occurs. An action with actor type “Slack” will send a Slack message to a specified channel when something occurs. Click “+ API CONFIG” to open a dropdown menu that displays the available actor type options.
Above is an example of a “Notification” actor type. These are the default settings that appear when you select the Notification action type from the dropdown menu. The default name is “Notification-Default.” If desired, select an Actor Name.
The API parameters are set based on the API call used for this particular actor type. If a box to the left of a row is checked, this means the field is optional. Click the edit button to the right of any row to edit that field.
Page last updated: 2021 Oct 19