Adding a trigger

1. On the Triggers page, click Add trigger.
2. On the following page, enter a name for the new trigger.
3. Assign a group to the trigger. By default the trigger is automatically added to the Generic group.
4. Add a description for the trigger as required.
5. If the trigger needs to be implemented across all projects in your system, click to enable the Global setting.
6. If you want the system to execute the configured actions when the trigger conditions are met, click to enable the Actions setting.

   It is recommended that you disable the Actions option when you test the trigger conditions.

7. If the trigger will cause a violation alert, click to enable the Violation setting. Once enabled, assign a Risk level.

   The risk level defines the priority of the alert that is triggered. Risk level 1 is the lowest, and 5 is the highest.

   If the Violation setting is disabled, the trigger is considered a notice and is automatically assigned a risk level of 0. Be aware that notices are not displayed on the Home page.

8. In the Trigger query area, configure the trigger conditions.

   By default, the first query is cmd_user_typed = true. Remove this query as required.

   After you enter a query, the system automatically runs a search and lets you know how often the trigger would have been activated over the past week.

   You can configure the queries in two ways:

   Enter manually

   

   • Click the bar to select the starting query. Use the auto-complete prompts to further narrow your query.

     For more information about the available CQL values, see CQL values.

   • Click to use the search query as any of the following:
     • Sources — select this option to add the search query as a filter for the Sources page. For more information, see Source filters.
     • Insights — select this option to create a new report from the search query. For more information, see Creating a report.
     • Triggers — select this option to use the search query as the base of a new trigger. For more information, see Adding a trigger.
   Use the builder

   

   • On the left, click the heading titles to show the condition properties that are available.

     For more information about the listed properties, see CQL values.

   • Click All to select if All or Any of the tree conditions need to be true to activate the trigger actions.
   • Add a property to the tree then assign the required values. You can add a property in any of the following ways:
     • Click a property from the provided list.
     • Drag and drop any property from the list to the tree.
     • Click Add property.
     • Hover over any property in the tree then click .
   • Click Add group to create a subgroup of condition properties.
   • From the left end of each property branch, drag and drop the property to change it's position in the tree.
   • To delete a property from the tree, click .

   The query you enter using one method is automatically reflected in the other.

9. To save the query as a macro, click Save as macro in the top-right corner. For more information, see Create.
10. In the Actions area at the bottom of the page, click Add action to add any actions that must be performed when the trigger conditions are met.

    For more information about the available actions, see Trigger actions.

    At the top of the Actions list are the default actions that have been configured for the trigger type. Default actions cannot be removed from the trigger. To change the default actions, you need to have access to > Default actions page. For more information, see Default actions.

    • You can add as many actions as required.
    • The actions are listed in the order that they will be executed.

      Tip: Make sure you know the order that the actions must be executed because you cannot re-order the actions after they've been added.

    • To delete an action in the sequence, click at the top-right corner of each action.
11. At the bottom of the page, click Save to save the new trigger.