
AlertOps Alert Priorities

Understanding how alert priority is assigned and routed in AlertOps.

Alert Priority in AlertOps

Overview

In AlertOps, the priority of an alert — Critical, High, Medium, Low, or No Priority — is determined by the Escalation Policy or Response Play that handles it, not by the inbound payload directly. This means priority is a property of how AlertOps processes the alert, not simply a passthrough of what the source sends.


Mapping Inbound Severity to Priority

A common requirement is to honor the severity value coming from the source system — for example, a monitoring tool that sends alerts tagged as Critical, High, Medium, or Low — and route each to an Escalation Policy or Response Play that reflects the corresponding priority.

This is achieved using Escalation Policy / Response Play Overrides, configured under Advanced Settings of the Inbound Integration.

 

How it works:

If the inbound payload (JSON, email, etc.) contains a field that carries the severity — for example, a key named severity — you create an override condition for each value:

| Condition | Override Action |
|---|---|
| severity contains critical | Use Escalation Policy/Response Play → Critical Priority |
| severity contains high | Use Escalation Policy/Response Play → High Priority |
| severity contains medium | Use Escalation Policy/Response Play → Medium Priority |
| severity contains low | Use Escalation Policy/Response Play → Low Priority |

Each override maps a source field value to a specific Escalation Policy or Response Play, ensuring that inbound severity is faithfully translated into AlertOps priority-based routing — all within a single integration.
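
A pre-deployment check for the override conditions described above, as an added example that is not AlertOps code or part of the original article: it runs the four "contains" conditions over sample payloads and flags severity values that match more than one condition, none, or only when case is ignored. The function names, the sample payloads and the decision to test both case-sensitive and case-insensitive matching are assumptions; this page does not state how AlertOps treats case or overlapping matches.

```python
import json

# Override conditions from the article: substring -> target priority.
OVERRIDES = {"critical": "Critical", "high": "High", "medium": "Medium", "low": "Low"}

def classify(severity):
    """Return (status, priorities) for one inbound severity value.

    status is one of:
      ok         exactly one condition matches as written
      case_only  exactly one matches, but only if case is ignored
      ambiguous  more than one condition matches
      unmatched  no condition matches, so no override applies
    """
    exact = [p for s, p in OVERRIDES.items() if s in severity]
    folded = [p for s, p in OVERRIDES.items() if s in severity.lower()]
    if len(folded) > 1:
        return "ambiguous", folded
    if len(exact) == 1:
        return "ok", exact
    if len(folded) == 1:
        return "case_only", folded
    return "unmatched", []

def audit(payloads, field="severity"):
    """Map each distinct severity value seen in the payloads to its classification."""
    report = {}
    for raw in payloads:
        # A payload without the field is treated as an empty severity value.
        value = str(json.loads(raw).get(field, ""))
        report[value] = classify(value)
    return report

# Constructed sample payloads (not captured from a real source system).
SAMPLES = [
    '{"host": "db01", "severity": "critical"}',
    '{"host": "web02", "severity": "HIGH"}',
    '{"host": "web03", "severity": "medium-low"}',
    '{"host": "app04", "severity": "info"}',
    '{"host": "app05"}',
]

if __name__ == "__main__":
    for value, (status, priorities) in audit(SAMPLES).items():
        print(f"{value!r:14} {status:10} {', '.join(priorities) or '-'}")
```

Any value reported as anything other than ok is worth sending through a test integration before relying on the overrides for paging.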


Alternative Approaches

If overrides at the integration level don't fit your use case, the same outcome can be achieved through:

  • Workflows — apply priority mapping logic as part of a broader automation chain. You can also use 'Update Alert Priority' as a Workflow 'Action' based on conditions.
  • Multiple Integrations — create separate integrations (sequenced) for each priority tier, using filters as the conditions that determine which integration processes a given alert. AlertOps supports an unlimited number of integrations per endpoint, making this a fully scalable approach.

Summary

Priority-based routing in AlertOps is intentional and explicit — it is always tied to an Escalation Policy or Response Play. The Override mechanism at the integration level is the primary, recommended method for mapping inbound severity to the correct policy, keeping configuration clean and centralized within a single integration.