Creating Alert Policy elements

Alert Policies determine the criteria for selecting which alerts generated by various sources are escalated to which Alert Chains.

Engines, Layer 2 Engines, IPS engines, and SMC servers are possible sources for alerts. If Domain elements have been configured, you can select a Domain as a Sender in an Alert Policy in the Shared Domain.

An Alert Policy contains rules for matching incoming alert entries. Alert entries that match an Alert Policy rule are escalated to the Alert Chain defined in the rule. Make sure that your Alert Policies also escalate System Alerts. If an alert entry does not match any rule in the Alert Policy, the alert entry is not escalated.