Hello,
We have a correlation rule that triggers an automation script (sending a slack message) if a specific alarm persists for 90 minutes. Our operations team has asked that it continue sending these messages every 90 minutes until the alarm has cleared.
Any suggestions for how to set this up?
I see more flexibility in using a connector to send your messages rather than an Automation script (AS). Your connector can keep tracks of certain message types that needs resending and keeps on doing that till a 'stop sending' flag is set.
That stop flag will be triggered by your correlation rule if you enable the additional check box 'Execute on clear' which calls your AS to set the 'stop sending' flag in your connector.
Since your AS will be triggered twice, on event alarm and event clear, you can distinguish between these two events by passing on script parameter values to your script. In this case 'Severity'
One of the bottlenecks I see in trying to use AS only is that they ultimately time-out and you will probably need more than one.