A common scenario involves separating alerts from a single mailbox/endpoint.
AlertOps can accomodate a variety of configurations that satisfy this requirement. For this article, we will use the example of an email message coming from a monitoring system, where different teams recieve alerts based on the system being monitored. A single mailbox is configured for all messages coming from the monitoring system, with filtering being performed within AlertOps. AlertOps can filter an email message based on Subject, Senders/Recipients, Body, and Priority, individually or collectively.
For this article we will use the example of alerts being generated by email messages containing a system name in the subject of the email. Each team will have their own integration, with the systems they support being defined in the integration. We will use an Email team and a SQL team.
We begin by creating an email integration. Select Integrations from the menu, then Inbound Integrations. Under Email, press the Add Integration button, from the Integration Template dropdown choose a pre-built template, or Custom. We will use Custom for this example.
Choose your mailbox name, we will use Monitoring for our example. Name the Integration (as this is team centric, the team name is a good place to begin). Choose a Escalation Rule and a Recipient Group. The Escalation Rule can be used for both teams if you choose, or separate Rules can be configured if you wish to have distinct delivery behavior.
Next, expand Advanced Settings, then expand Filters To Match Incoming Emails.
Press Add next to Subject Filters (the Integration must be saved for the button to be active), enter your keyword in the resulting box, save. We will use Email for this example.
The filter will default to AND. Unless/until we have more than one condition, this is correct.
With this Integration in place, any email received at the Monitoring mailbox with Email in the subject will create an alert for the Email Support team.
Multiple filters may be added to a single Integration. As you add filters, you may select both AND and NOT to create the OR argument. You must have at least one filter in place before creating OR arguments. You will need to edit the first keyword to make it OR. A NOT argument will trigger based on the absence of the keyword.
Configured this way, any email received with either Email or Exchange in the subject will fire the alert.
To notify a different team when an email is received at the Monitoring mailbox regarding a different system, create a new Integration as below (you may clone the existing Integration to save time and maintain consistency).
Notice the Integration name and the Recipient Group are different, as is the Subject Filter, but the mailbox is unchanged.
With two Integrations in place, both watching the same mailbox, alerts regarding Email systems will route to the Email Support Team, while SQL alerts will route to the SQL Support Team.
Additional Integrations can be configured for additional teams/systems, or additional systems can be added to existing Integrations. Many different configurations may be derived from this model.