Here are some answers to frequently asked questions about triggers.
You cannot assign a trigger to an activity group. However, you can create a custom device group and specify an activity criteria, such as AAA Clients, as the dynamic group type.
We do not recommend selecting all of the devices in the activity group to assign a trigger because it requires manual maintenance of triggers and devices. If you add a new device to the activity group, triggers are not automatically assigned. If you remove a device from an activity group, an assigned trigger is not automatically removed.
You can create triggers from both the ExtraHop Discover and Command appliances.
You create ECA triggers when you are logged into a Command appliance (ECA), and you create local triggers when you are logged into a Discover appliance.
ECA triggers are available to each Discover appliance connected to that Command appliance; however, local triggers are not available to any other appliance.
When you log into a Discover appliance that is connected to a Command appliance, the Triggers page displays only local triggers by default. From the Local Triggers drop-down menu at the top of the page, you can choose to display only triggers created on the Discover appliance, only triggers created on the Command appliance, or all triggers.
The ECA column on the Triggers page specifies the origin of the trigger. The value is either Local or the name of the Command appliance.
There are two methods for removing a trigger assignment:
- Open the device or group the trigger is assigned to and click Assignments from the top-right corner of the page. On the Triggers tab, click the remove (X) icon next to each trigger assignment you want to remove from the source.
- Open the trigger you want and click the Assignments tab to view which sources the trigger is assigned to. Click the remove (X) icon next to each device or device group you want to remove the trigger assignment from.
There are two methods to enable or disable a trigger from the Triggers page in System Settings:
- From the list of triggers, select the checkbox next to each trigger, and then click Enable or Disable from the upper-right corner.
- Open the trigger you want, and then select or deselect Disable Trigger.
You can create a new trigger by copying an existing one.
- Log into the Web UI on the ExtraHop Discover or Command appliance.
- Click the System Settings icon , and then click Triggers.
- From the table on the Triggers page, select the checkbox next to the trigger that you want to copy.
- Click Copy.
The copied trigger is added to the table with "(copy)" appended to the trigger name. By default, the copied trigger is not assigned to any devices or device groups.