A first response policy permits you to auto-suppress alerts as a first response for non-significant alerts.


You must have OpsQ View and OpsQ Manage permissions to manage first response and alert escalation policies.

A training file is required to suppress specific alerts or snooze specific alerts. The training file includes examples of alerts to be suppressed. See Alert Management Training File for more information.

Step 1: Define policy name, scope, and mode

  1. Go to Setup > Alerts > First Response.

  2. Specify Client Select but do not select a client.

  3. Click Create New or + Add, depending on whether you have any existing policies.

    New First Response Policy - Partner
  4. Enter a Name for the policy.

  5. Verify that the Policy Scope is PARTNER.

  6. For Client, choose Include All Clients or Include Clients.

  7. If you selected Include Clients, click Add Clients and select the clients to include.

  8. From the Mode list, select a policy mode.

    Policy ModeDescription
    ONThe policy drives automated actions on alerts.
    OFFThe policy is inactive and does not affect alerts. You can use this mode to review a newly defined policy before choosing one of the other modes.
    RecommendThe policy creates a recommendation for actions that you should take on the alert. Recommendations are based on learned patterns in historical alerts. The recommendation includes a link to take the action.
    ObservedThis mode permits you to simulate a policy without affecting alerts.
    The policy creates an observed alert, which simulates the original alert. The observed alert shows the actions that would be taken on the original alert if the policy were in On mode. The observed alert includes a link to the original alert.
    Recommend and Observed modes apply to incident actions.

Step 2: Select filter criteria

  1. Select Filter Criteria.

    Filter criteria

  2. Choose from Any or All of the defined conditions to apply a filter for the alerts.

  3. Select the attribute type to narrow the attribute list to one of the following types:

  • Native Attributes: Select from the list of native attributes.
  • Resource Custom Attributes: Select from the list of custom, user-defined attributes.
  • Alert Custom Attributes: Select from the list of alert custom user-defined attributes.
    • The Alert Custom Attributes are shown if they are available to the selected client.

    • As of now, this feature is enabled to client scope policies only. This means, the Alert Custom Attributes option is not displayed for the policy assigned to All-Clients.
  1. Select the required attribute, logical operator, and enter the value.

    Not Contains: Filters only the alerts that do not contain the input string provided in the field.

    Not Equals: Filters only the alerts that are not equal to the input provided in the field.

    Not Contains/Not Equals: If the selected property is not there in the alert, it is considered as matched.

    Example: Property value is “ABC”.

    Resource “A” belongs to two resource groups - ABCDEF AND XYZ. In this case, there is No Match.
    Resource “B” belongs to resource group - PQRS. There is Match.
    Resource “C” belongs to no resource group. There is Match.

  2. Click + to add multiple filter conditions.

The continuous learning option is only available for client-level policies.

Step 3: Suppress Alerts

  1. Select the first response suppression setting.

  2. Select the Suppress Alerts value:

    • Do Not Suppress
    • Suppress Always
    • Suppress for (minutes or hours)

  3. Click Save.

The First Response Policies page shows the newly created First Response policy. Click Number of suppressions to view more detailed information.

Note that if the alert payload has a source time that is older than the suppression time, the First Response recommendation or suppression is not applied.

Suppress Alerts by Time

An additional Roster custom attribute has been added to help in executing actions that are mentioned in the policy definition (either suppress, snooze or run a process automation) only when Roaster is Active or Inactive.

The Roster filter condition is supported for both Partner and Client level policies. Hence for client level First Response policy, you can only add client specific rosters. And for partner level First Response policy, you can only add partner specific rosters.

To select the Roster custom attribute:

  1. Select Filter Criteria.
  2. Select Roster from the Native Attributes drop-down as shown below:
Filter criteria
  1. You can select Active or Inactive.
  2. Click Save. The alerts will be suppressed that occur during the specific date and time configured in the selected roster.