# Creating and Updating Correlation Policies

Follow the below steps to view and manage the Alert correlation policies.

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_vzVyH141HRofQmgoI%2FScreen%20Shot%202021-05-17%20at%201.21.49%20PM.png?alt=media\&token=5617492d-9fbc-4bd7-a6d8-44215cc73b7f)

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_w-U_7sYeV93UHCkuW%2FScreen%20Shot%202021-05-17%20at%201.25.56%20PM.png?alt=media\&token=715de015-3a01-4fa4-a806-2ff13e697d61)

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_w0ONNg8BIGdLf02Zs%2FScreen%20Shot%202021-05-17%20at%201.30.02%20PM.png?alt=media\&token=f2d904a5-1782-4be6-a7e6-a9d530a1f80f)

### **Correlate Burst policy:**

Follow the below steps to create a '**Correlate Burst**' policy.

Click on '**+**' buton to create a new Correlation policy and select the policy type as '**Correlate Burst**'

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_w1b6rPvl2aWq5xDOP%2FScreen%20Shot%202021-05-17%20at%201.34.18%20PM.png?alt=media\&token=34dd00c6-77bd-490d-977a-bd46d98a1e61)

As highlighted in the below screen, define the correlation burst policy settings appropriately.&#x20;

Set correlated alert group’s minimum severity. (**Note:** Incident’s severity is set to highest severity, if one of the grouped alert’s severity is higher than policy’s severit&#x79;**)**

**Raise Count:** Alert burst count (minimum)

**Raise Rate (seconds):** Rate of Alerts burst count within the defined time (seconds)

**Group Expiry (minutes):** Time window (for how long) to keep this policy active to group the burst of alerts

**Auto clear after last update (minutes):** Clear the Alert automatically after defined time (if there is ‘NO’ clear / recover message for the alert) (Note: when set to ‘0’, alert will be cleared automatically if there is a clear / recover message for the sam&#x65;**)**

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_w2PTuMnj-oJCpDAFf%2FScreen%20Shot%202021-05-17%20at%201.38.43%20PM.png?alt=media\&token=3450545f-002b-4638-93e5-88deb535eea8)

As shown in the below screen, Limit the Correlation burst policy scope to specific alert source (Nagios, vROps etc..) or it’s attributes (Site / application name etc.. )

**Group by** '**Attributes**' helps to correlate and group the alerts based on Alert attribute (one or more) selection.&#x20;

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_w4aUMt6GSFZ5h_Ka5%2FScreen%20Shot%202021-05-17%20at%201.48.20%20PM.png?alt=media\&token=027aeec4-adcc-47ab-a9a0-642d972079cb)

Once the correlation policy is selected, make sure the policy's **Enabled** status is set to '**Yes**'.&#x20;

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_w5LkcC3K-luvd7soy%2F-M_w66tGD_QjmdirrV5s%2FScreen%20Shot%202021-05-17%20at%201.54.53%20PM.png?alt=media\&token=f4ae3800-5ace-404b-8ce3-34a8f3977022)

### **Correlate Group policy:**

Follow the below steps to create a '**Correlate Group**' policy.

Click on '**+**' buton to create a new Correlation policy and select the policy type as '**Correlate Group**'

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_w6j6aob61P6PYM6oG%2F-M_w79re3aJiMFqXOm-V%2FScreen%20Shot%202021-05-17%20at%201.59.38%20PM.png?alt=media\&token=d654f2c4-fa9a-45ae-99ed-d0040e430ba4)

As highlighted in the below screen, define the correlation group policy settings appropriately.&#x20;

Set correlated alert group’s minimum severity. (**Note:** Incident’s severity is set to highest severity, if one of the grouped alert’s severity is higher than policy’s severit&#x79;**)**

**Group Expiry (minutes):** Time window (for how long) to keep this policy active to group the burst of alerts

**Auto clear after last update (minutes):** Clear the Alert automatically after defined time (if there is ‘NO’ clear / recover message for the alert) (Note: when set to ‘0’, alert will be cleared automatically if there is a clear / recover message for the sam&#x65;**)**

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_w6j6aob61P6PYM6oG%2F-M_w7ht-xAYck3YdAVJB%2FScreen%20Shot%202021-05-17%20at%202.01.57%20PM.png?alt=media\&token=3ad2319a-4313-4712-af03-ab4d4554f39e)

As shown in the below screen, Limit the Correlation burst policy scope to specific alert source (Nagios, vROps etc..) or it’s attributes (Site / application name etc.. )

**Group by** '**Attributes**' helps to correlate and group the alerts based on Alert attribute (one or more) selection.&#x20;

Click on '**Save**' to create the correlation policy.

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_vsK5oLLhswOsaF2Ks%2F-M_w4aUMt6GSFZ5h_Ka5%2FScreen%20Shot%202021-05-17%20at%201.48.20%20PM.png?alt=media\&token=027aeec4-adcc-47ab-a9a0-642d972079cb)

Once the correlation policy is selected, make sure the policy's **Enabled** status is set to '**Yes**'.&#x20;

![](https://4260296531-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAygHzNCQ33zRR43qxF%2F-M_wEVLqCMqV8ibPys-6%2F-M_wFCUiZ-p4KwFo_bYL%2FScreen%20Shot%202021-05-17%20at%202.34.42%20PM.png?alt=media\&token=7aee9aea-d33d-402d-93a6-94f0a9a78581)

##