Disable automated alarm closure for LogRhythm

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Disable the automated alarm closure capability if you no longer want to view the security incident closure information on the LogRhythm Web Console. Once deactivated, the ServiceNow AI Platform no longer closes alarms within the LogRhythm Web Console. This process is optional.

    Before you begin

    Role required: sn_si.admin

    About this task

    Once disabled, the status notes and other closure information on the security incident are no longer displayed on the LogRhythm Web Console.

    Procedure

    1. Navigate to All > System definition > Business Rules and select the Business Rules module.
    2. If not displayed in the Business Rules list, enter LogRhythm Close Alarm On SI Closure in the search field and press Enter.
      Business rule highlighted in search field.
    3. In the Name column, click the LogRhythm Close Alarm On SI Closure link to open the record.
    4. In the record that is displayed, clear the Active check box.
    5. Click Update.
      The automated alarm closure capability is now disabled.