Manage Ticket Orchestrator Business Rules
Only Admins can manage business rules.
Admins can view business rules in list view or grid view, and can toggle between grid and list views using the button besides the Refresh button.
 |
 |
You can expand each folder to see the business rules in that folder. User can also delete the whole folder of business rules which will delete all the business rules in that folder.
 |
Admins can configure Ticket Orchestrator (TO) queries towards Netskope tenant(s) as business rules, allowing the user to specify which alerts to be used by TO to trigger ticket creation.
Go to Ticket Orchestrator > Business Rules.
Click on Create new rule and enter a rule name.
Select or enter a query in the alert filter. At least one filter must be selected.
Tip
Filters can be copied from the alert table and applied to a business rule.
Enter the folder name that you want to add it to, or you can select the existing folders. At max you can have 3 levels of hierarchy.
Click Save.
Admins can manage all the business rules from a single place on the platform at the “Business Rules” page. You can mute one or multiple business rules, edit the query for business rules, or delete the business rules from this page.
 |
Muting can be used to temporarily ignore any new alerts that would normally generate a ticket workflow.
 |
To delete a business rule, select the Trash icon on the rule and confirm the action.
 |
This function is used to filter known and acknowledged activities so that new tickets are NOT created using a match criterion. For example, the admin could mute on a particular user so that new tickets for the Dropbox test would not be opened when that user was attached to the alert.
You can add deduplication rules or mute deduplication rules to the business rules to deduplicate all the matching alerts into a single ticket on the target platform. Create a rule using a query for a specific match or use fields for a more generic approach to matching on anything associated with that field. For all the matching alerts, only a single ticket will be created and updated.
 |
Duplicated rules can also be edited.
 |
Both Admins and Users can copy a filter for a business rule. TO maintains the database of Alerts captured from configured plugins. Users can list the available Alerts, view the metadata and filter the Alerts.
Go to Alerts. The Alerts page shows all alerts matching any configured filter in the plugin configuration. The list is paginated with a default alert display count of 10. The records are sorted in descending order of alert timestamp from most to least recent occurrence.
An Admin can create a negative filter by selecting Not in the upper left hand corner. For more than one filter criteria, move the mouse to the upper right of the filter box to see and select the Add rule option.
Next, select the appropriate comparison operator And / Or by moving the mouse over the And button in the upper left, creating a multi-variable match as shown in the screenshot below. Individual rules can be deleted by clicking on the red trash icon to the right of the rule.
For alternative multi-data criteria, select Add group. Rules will be processed from top to bottom.
Click Clear to remove the custom filter; the UI will fall back to the default filter and Alerts matching the default filter will be listed as the screen refreshes.
After selecting the desired filter, click Apply Filter. Alerts matching the filtering criteria will be listed.
Users can copy the filter string so it can be used as a filter query in the plugin configuration.
Also users can enter the filter query manually and can load the filters according to the query.
Expand row functionality in table by clicking on the down carrot to see more detail about individual alerts.
Admins can create business rules from the Alerts page when the filter is applied. A business rule based on the filtered query will be created when the File Plus icon is clicked.
 |
 |