Direct alerts to different teams based on email keywords

Alerts from a single mailbox/endpoint can be separated into variety of configurations that satisfy this requirement.

An email message from a monitoring system can be configured so different teams receive alerts based on set parameters. A single mailbox receives all messages coming from the monitoring system, and AlertOps will then provide filters which can be based on Subject, Senders/Recipients, Body, and Priority, individually or collectively.

In the following examples, alerts generated by emails contain a system name in the subject of the email. Each team has their own integration, with the systems they support being defined in the integration. We will configure an Email team and a SQL team.

Set Up First Integration

1. From Configurations, select Integrations from the menu, then scroll to Inbound Integrations section.
2. Select email from the integration option dropdown, and then press the Add Email button.
3. You will be redirected to screen displaying all the Integration Templates. You can choose a pre-built template, or Custom. We will use Custom for this example.
4. Choose your mailbox name, we will use Monitoring for our example. Name the Integration (as this is team centric, the team's name is a good place to begin). Choose an Escalation Rule and a Recipient Group. The Escalation Rule can be used for both teams if you choose, or separate Rules can be configured if you wish to have distinct delivery behavior.
5. Click the Submit button to save.
   
6. Once saved, scroll down to Advanced settings and expand Filters To Match Incoming Json/Form Fields.
7. Press Add next to Subject Filters and enter your keyword in the resulting box, save. We will use Email for this example. The filter will default to AND. Unless there is more than one condition, this is correct. Click the green check to save.

With this Integration in place, any email received at the Monitoring mailbox with Email in the subject will create an alert for the Email Support team.

Multiple filters may be added to a single Integration. As you add filters, you may select both AND and NOT to create the OR argument. You must have at least one filter in place before creating OR arguments. You will need to edit the first keyword to make it OR. A NOT argument will trigger based on the absence of the keyword.

Configured this way, any email received with either Email or Exchange in the subject will fire the alert.

Configure Second Integration

To notify a different team when an email is received at the Monitoring mailbox regarding a different system, create a new Integration as below (you may clone the existing Integration to save time and maintain consistency).

Notice the Integration name and the Recipient Group are different, as is the Subject Filter, but the mailbox is unchanged.

With two Integrations utilizing the same mailbox, alerts regarding Email systems will route to the Email Support Team, while SQL alerts will route to the SQL Support Team.

Additional Integrations can be configured for additional teams/systems, or additional systems can be added to existing Integrations. Many different configurations may be derived from this model.