Aggregate (group) multiple alerts into one Incident based on matching conditions. If you do not want to create new alert aggregation criteria, skip this step.

Continue after Step 7 of Configure Incident Creation for ITSM and SecOps Apps (Optional).

Note: To change this configuration after the initial setup, go to VMware Carbon Black Cloud > Configurations and click Incident Creation.

Prerequisites

Create a ServiceNow Configuration Profile

Procedure

  1. To select the Aggregate Alerts option, click the Apply Defaults button and populate the suggested aggregation criteria.
  2. Review the default criteria.
  3. If you did not apply default values and want to configure aggregation rules, select the Alert Aggregation checkbox.
  4. To set custom aggregation criteria, select the value from the list and press Enter.

    Aggregation criteria list

  5. To add more alert aggregation conditions, click New Criteria.
  6. Click Next.

What to do next

Configure Alert Field Mapping for ITSM and SecOps Apps