# Global Event Rulesets Global Event Rulesets let you create rulesets for alert routing, eliminating the need for individual alert source webhooks setup for each Service. This centralized routing simplifies configuration management, saving time and enhancing efficiency, particularly for users dealing with numerous micro-services. The scope for a ruleset is a Team, and the execution updates for Global Event Rulesets are recorded in the Incident Activity Timeline.

Global Event Rulesets flow in Squadcast for Incident Management — Image. Global Event Rulesets

{% hint style="info" %} **Note:** This feature will be available for accounts in the [Enterprise plan](https://www.squadcast.com/pricing). {% endhint %} ## Prerequisite * To effectively create and manage Global Event Rulesets, the user assigned to the Team must possess the appropriate permissions corresponding to their User Role. ## Add Ruleset To add new rulesets, 1. Navigate to **Global Event Rulesets** -> **Add New Ruleset** 2. Next, add the **Ruleset Name**, *optional* **Description**, and select the **Ruleset Owner**. 3. Click **Save**, and you're done. {% hint style="info" %} **Note:** 1. You can create and manage up to 30 rulesets for each Team. 2. A Ruleset Owner is a user or a Squad that someone can reach out to, for anything pertaining to that ruleset. There are no permissions associated with the ownership here. {% endhint %}

Add Ruleset in Squadcast for Incident Management — Image. Add Ruleset

Details for added Ruleset in Squadcast for Incident Management — Image. Details for added Ruleset

This creates a new ruleset, and the next step is to add alert sources and start creating rules for your ruleset. If you would like to create multiple such rulesets, each with individual endpoints, repeat the above steps as needed. {% hint style="info" %} **Note:** You can edit or delete a ruleset from its detail page. Please note, that deleting a ruleset will remove all the mapped alert sources and their rules. {% endhint %} ## Add Alert Sources To add alert sources to a ruleset, 1. Navigate to **Global Event Rulesets** -> select the relevant ruleset from the list. 2. Click **Add Alert Source** -> In the side panel, search and select the alert source you wish to create a rule for -> Click **Add**. {% hint style="info" %} **Note:** 1. You can only add one alert source at a time. 2. Deleting an added alert source from the ruleset will result in all its rules getting deleted. {% endhint %}

Add Alert Source in GER in Squadcast for Incident Management — Image. Add Alert Source

Added Alert Source in GER in Squadcast for Incident Management — Image. Added Alert Sources

## Add Rules Event rules allow you to set actions that should be taken on events that meet your designated rule criteria. In the current version, the only action that the system takes is routing of incoming alerts. To add rules for an alert source, 1. Navigate to **Global Event Rulesets** -> select the relevant ruleset from the list. 2. For your added alert source, click **Add Rule.** 3. In the side panel, provide a **Rule Description** and create the **Rule Expression**, referring to the payload data available on the right. 4. Lastly, designate the Service for routing when the rule expression is met -> Click **Save**. {% hint style="info" %} **Note:** You can create and manage up to 1000 rules for each alert source. {% endhint %}

Add Rules for an Alert Source in Squadcast for Incident Management — Image. Add Rules for an Alert Source

View and arrange priority of added Rule in Squadcast for Incident Management — Image. View and arrange the priority of added Rule

To manage the order of rule execution, simply use the arrows to rearrange the priority of these rules. {% hint style="info" %} **Note:** 1. The payload you see on the right may be a sample payload provided by Squadcast for the selected alert source, if you have not set up alert source webhooks and started receiving alerts yet. If the webhooks have been set up and you are receiving alerts, then you will see the payload of the latest alert for that alert source. 2. Also note that, if alert sources support multiple types of payloads for different events, please ensure you refer to the documentation of your alert source for the different payload structures. 3. You will see only the Services for the selected Team. {% endhint %} {% hint style="warning" %} **Important**: If you intend to delete a Service in Squadcast that is associated with a Global Event Ruleset, please ensure that you delete the rule first. Otherwise, you will receive a warning message similar to the one described below.

{% endhint %} ### Example **Alert Source: Admin Labs** ``` { "webhookId": "5e3378c2-275d-11e8-89db", "monitorId": "1afb2342-2754-11e8-89db", "monitorName": "Example", "monitorAddress": "http://example.adminlabs.com/example.html", "stateChange": "down", "outageId": "4fd5c5df-275d-11e8", "outageStartedAt": "2018-03-14 08:57:09", "outageEndedAt": null, "maintenanceId": null } ``` **Example Rule Expression:** ``` payload.stateChange="down" ``` ## Catch All Rule Any alerts that are sent through event rules but do not match any are routed to the Service configured in the Catch All Rule. If the Catch All Rule is empty, the outlier alert is simply dropped from the system. Configuring this helps in making sure no alerts are missed, that is, every incoming alert ends up reaching a Service. {% hint style="success" %} 🔹 **Best Practice Tip** 🔹 This is not mandatory, but we highly recommend having this configured. {% endhint %} To add a catch-all rule, 1. Navigate to **Global Event Rulesets** -> Select the relevant ruleset from the list. 2. For your added alert source, click **Add Catch All Rule** -> Select a **Service**. 3. Click **Save**.

Add Catch All Rule for an Alert Source in Squadcast for Incident Management — Image. Add Catch All Rule for an Alert Source

View Added Catch All Rule in Squadcast for Incident Management — Image. View Added Catch All Rule

*Have any questions?* [*Ask the community*](https://community.squadcast.com/view/home)*.*