Why Enrich Alerts?
- Provide Context: Add critical information, such as related customer data or ticket IDs.
- Enable Automation: Use enriched fields in subsequent actions for dynamic processing.
- Improve Visibility: Surface essential metadata for better decision-making.
How to Enrich Alerts
Using the enrich_alert Directive
The enrich_alert directive is used in actions to add or update fields in the alert. You specify a list of key-value pairs where:
- key is the field name to add or update.
- value is the data to assign to the field. It can be a static value or dynamically derived from steps or other parts of the workflow.
- disposable is an optional attribute that determines whether the enrichment is temporary and should be discarded when a new alert is received. If disposable is set to True, the enrichment is added to disposable_enrichments and marked with dispose_on_new_alert=True.
Example Workflow with Enrichment
- The get-customer-details step fetches customer data based on the alert.
- The enrich_alert directive adds customer_name and customer_tier to the alert.
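A workflow matching the two points above, added here as an illustration rather than taken from the original page or from the project. The trigger, the mysql provider with its providers.mysql-prod config and query, the mock action provider, the result column names, and the enriched_by key are assumptions.

```yaml
# Added example: every name other than get-customer-details, enrich_alert,
# customer_name, customer_tier, key, value and disposable is an assumption.
workflow:
  id: enrich-alert-with-customer-details
  description: Look up the customer behind an alert and attach it to the alert
  triggers:
    - type: alert
  steps:
    - name: get-customer-details
      provider:
        type: mysql
        config: "{{ providers.mysql-prod }}"
        with:
          # alert.customer_id is substituted into the query text, so it must
          # be treated as untrusted input from whoever can send alerts.
          query: "SELECT name, tier FROM customers WHERE customer_id = '{{ alert.customer_id }}'"
          single_row: true
  actions:
    - name: enrich-alert
      provider:
        type: mock
        with:
          enrich_alert:
            # Dynamic values derived from the step result.
            - key: customer_name
              value: "{{ steps.get-customer-details.results.name }}"
            - key: customer_tier
              value: "{{ steps.get-customer-details.results.tier }}"
            # Static value, discarded when a new alert is received.
            - key: enriched_by
              value: customer-lookup-workflow
              disposable: true
```

Downstream actions that route or escalate on customer_tier inherit the trust level of the lookup, so the account used by the step only needs read access to the columns it selects.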
Enrichment Syntax
Key-Value Pairs
Each enrichment is defined as a key-value pair:
- Static Values: Use static strings or numbers for straightforward enrichments: