After your NetBrain system receives events, it will check the qualification defined in each event template and use the qualified event template to decide whether to map and execute a runbook for the events based on conditions.
An event template is defined with Python scripts. Follow the steps below to create an event template to process events from a third-party system:
1. Log in to your NetBrain domain.
2. Click the start menu, and select System Automation Manager.
3. Click the Event Template Manager tab and click Add Template. The Event Template window opens.
Tip: The system offers sample scripts that contain main functions in a new template. You can directly use the sample scripts and follow annotations (an annotation starts with #) in the script to define the corresponding parameters.
4. Enter a name for the event template.
5. Enter a description of the event template.
6. Define the qualification (criteria) that events must match to use this event template, by either of the following methods.
▪ Use a regular expression to define the qualification in the Qualification field, such as \"state\":.*?. This method is recommended because it is more efficient than using the def qualify(raw_event) function.
▪ Use the def qualify(raw_event) function in the script.
Parameter | Response
raw_event — an event with raw data sent to your NetBrain system. Use the nbjson.loads(raw_event) function to load the raw data of an event to your domain and then reference it in the script. | Return True or False. True — means an event matches the defined conditions. False — means an event does not match the defined conditions.
Example: use the number parameter in the raw data of a ServiceNow event as criteria.
def qualify(raw_event):
    raw_event_json = nbjson.loads(raw_event)
    if "number" in raw_event_json and "INC" in raw_event_json["number"]:
        return True
    else:
        return False
7. Go to def translate(raw_event) to define conditions and the corresponding drill-down actions, such as drawing a map and executing a runbook.
1) Define the third-party system where events are from via the utils.set_basic_setting() function.
Example: events from ServiceNow.
basic_setting = utils.set_basic_setting("ServiceNow")
2) Define the map type to create.
a) Customize the criteria to trigger the map and runbook.
Example: define criteria to execute the map and runbook.
mapSettingHelper = MapSetting()
if "number" in raw_event_json and "INC" in raw_event_json["number"]:
b) Define the map settings of creating a map.
i. Click Sample Script on the upper right corner. The Sample Script pane opens.
ii. Select a map type to create from the Map drop-down list. The system automatically generates scripts for the selected map type.
iii. Copy the script to the event template editor.
Example: the map settings of a site.
# create map
map_setting = mapSettingHelper.build_site_map_setting("device_name", False) #replace with a real device or device parameter in raw data
3) Define the runbook to execute and node settings of the runbook.
a) Click Sample Script on the upper right corner. The Sample Script pane opens.
b) Click Browser and select a runbook. The system automatically generates scripts for the selected runbook.
c) Copy the sample script of the runbook to the event template editor.
d) Define the settings of nodes in the runbook. See Runbook Node Parameter Settings for details.
Example: Define the settings of the Qapp node in the built-in runbook "Check ASA Failover Status".
rbt = RunbookTemplate("Built-in Runbook Templates/Security Checking/Check ASA Failover Status")
# node name: 2. Retrieving the CLI commands of Failover, type: Execute CLI Commands Node
rb_node = rbt.get_rbt_node("632653e6-4676-4f94-927f-86a6318f71e5")
cli_command_node = CLISetting(rb_node)
#cli_command_node.set_cli_commands(["show failover","show monitor-interface","show failover interface"])
rbt.update(cli_command_node.value())
# node name: Monitor ASA Failover Status, type: Run Qapp Node, qapp name: Monitor ASA Failover Status [Cisco ASA Firewall]
rb_node = rbt.get_rbt_node("11ea62c9-4af3-4dd6-896e-6d61ab59eb8c")
qapp_node = QappSetting(rb_node)
#qapp_node.set_current_baseline()
#qapp_node.set_pull_live_data_once()
qapp_node.set_pull_live_data_regularly(duration=2,unit=2,is_repeat=False,times=10)
#qapp_node.set_share_alert_users([])
#qapp_node.set_email_settings([],[2,1])
rbt.update(qapp_node.value())
runbook_settings.append(rbt.value())
8. Click OK to save the event template.
Tip: Click the API Triggered Tasks tab to view all tasks triggered by events from third-party systems.
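A stricter variant of the qualify(raw_event) function from step 6, as an added example that is not NetBrain's sample script: because a qualified event can go on to trigger a map and a runbook, it rejects malformed or oddly typed payloads instead of raising or matching on a bare substring. Assumptions: json.loads stands in for nbjson.loads so the code runs outside the template editor, and the incident number pattern and size cap are illustrative values.

```python
import json
import re

# Assumption: default ServiceNow incident numbering, "INC" followed by digits.
INCIDENT_NUMBER = re.compile(r"INC\d{7,}")
MAX_EVENT_BYTES = 64 * 1024  # assumed upper bound for one event payload


def qualify(raw_event, loads=json.loads):
    """Return True only for a well-formed event carrying an incident number.

    `loads` stands in for nbjson.loads, which exists only inside the
    NetBrain template editor; json.loads lets this run offline.
    """
    if not isinstance(raw_event, (str, bytes)) or len(raw_event) > MAX_EVENT_BYTES:
        return False
    try:
        event = loads(raw_event)
    except (ValueError, RecursionError):  # malformed or pathologically nested JSON
        return False
    if not isinstance(event, dict):  # e.g. a top-level list or bare string
        return False
    number = event.get("number")
    # A non-string "number" (int, list, null) would make `"INC" in number`
    # raise TypeError or match unintended shapes, so check the type first.
    return isinstance(number, str) and INCIDENT_NUMBER.fullmatch(number) is not None


# Constructed sample events, not captured from a real ServiceNow instance.
SAMPLES = {
    "valid": '{"number": "INC0012345", "state": "New"}',
    "substring_only": '{"number": "ZINC-oxide order 7"}',
    "wrong_type": '{"number": 12345}',
    "list_value": '{"number": ["INC"]}',
    "not_an_object": '["number", "INC0012345"]',
    "truncated": '{"number": "INC0012345"',
}


def classify_samples():
    """Run qualify() over every constructed sample and return name -> result."""
    return {name: qualify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in classify_samples().items():
        print(f"{name:15} -> {ok}")
```

Inside an event template, pass nbjson.loads as the loads argument (or replace the default) and adjust the pattern to the numbering scheme your ServiceNow instance actually uses.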