Generic SWS Alerts

Generic SWS Alerts let you define alert checks in YAML using PsoftQL queries against whitelisted PeopleSoft records. Use these when you need a one-off check that the built-in alert types don’t cover.

The scheduler runs each query on the database’s checking interval and triggers alerts based on the resulting row counts.


Configuration Properties

Generic alerts are configured under the genericSWSAlerts list, either globally under alerts or overridden per-database under databases[].alerts.

| Property | Type | Required | Default | Description |
|---|---|---|---|---|
| id | String | Yes | - | Unique alphanumeric identifier. The system registers the alert internally as generic_sws_<id>. |
| name | String | Yes | - | Friendly name shown on the dashboard and in reports (e.g. Stale Admins). |
| enabled | Boolean | No | true | Toggle execution of this generic alert. |
| severity | String | No | warning | Severity of the alert when triggered: info, warning, or critical. |
| alertOn | String | No | row_found | Condition to trigger the alert: row_found (trigger if row count > 0) or no_result_found (trigger if row count == 0). |
| message | String | Yes | - | Summary message shown on the dashboard and sent in notifications when the alert triggers. |
| query | Object | Yes | - | A complete PsoftQL query request payload. See PsoftQL Query Structure. |

Whitelisting Security Requirement


PsoftQL Query Structure

The query property follows the exact structure of a psLens PsoftQLRequest query:

| Property | Type | Description |
|---|---|---|
| records | Array | List of record configurations to query (can be nested for joins). |
| rowLimit | Integer | Max rows to return (recommended to keep low, e.g. 5 or 10). |
| orderBy | String | SQL ORDER BY clause for sorting findings. |
| noEffectiveDateLogic | Boolean | Set true to skip automatic EFFDT filtering logic. |
| noEffectiveStatusLogic | Boolean | Set true to skip automatic EFF_STATUS = 'A' filtering logic. |

Record Configuration (records[])

  • recordName (String, Required): PeopleSoft record name (e.g., PSOPRDEFN).
  • sqlWhereClause (String, Optional): Filter criteria SQL fragment (e.g., ACCTLOCK = 1).
  • excludeFields (List, Optional): Field names to exclude from results.

Practical Examples

Example 1: Critical Administrative Account Access (Row Found)

This alert triggers at critical severity when a locked operator account is seen initiating processes: the query matches process requests in PSPRCSRQST from the last day whose OPRID belongs to an operator with ACCTLOCK = 1 in PSOPRDEFN.

alerts:
  genericSWSAlerts:
    - id: "locked_oprid_activity"
      name: "Locked Admin Activity"
      enabled: true
      severity: "critical"
      alertOn: "row_found"
      message: "Security warning: Activity detected from locked operator accounts!"
      query:
        records:
          - recordName: "PSPRCSRQST"
            sqlWhereClause: "RUNDTTM > CAST(SYSDATE - 1 AS DATE) AND OPRID IN (SELECT OPRID FROM PSOPRDEFN WHERE ACCTLOCK = 1)"
        rowLimit: 5

Example 2: Process Scheduler Daemon Down (No Result Found)

This alert triggers a Critical warning if no process scheduler daemon has updated its status in the last 15 minutes, indicating that the scheduler might be down.

alerts:
  genericSWSAlerts:
    - id: "scheduler_daemon_down"
      name: "Process Scheduler Daemon Status"
      enabled: true
      severity: "critical"
      alertOn: "no_result_found"
      message: "Alert: No active process scheduler daemons detected in the last 15 minutes!"
      query:
        records:
          - recordName: "PSSERVERDEFN"
            sqlWhereClause: "LASTUPDDTTM > CAST(SYSDATE - 1/96 AS DATE)" # 15 minutes lookback
        rowLimit: 1

Notification Routing

To route notifications for a generic SWS alert, use its registered ID (generic_sws_<id>) in the alertTypes property of your notification subscription:

notifications:
  subscriptions:
    - id: "critical-teams-webhooks"
      enabled: true
      alertTypes:
        - "generic_sws_locked_oprid_activity"
        - "generic_sws_scheduler_daemon_down"
      databases: ["*"]
      type: "webhook"
      target: "https://hooks.slack.com/services/..."
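
The following lint is an added example, not part of the product or its documentation: it checks a parsed configuration against the property table above and confirms that every generic_sws_<id> named in a subscription's alertTypes is actually registered by a generic alert, since a misspelled ID would leave a critical alert with no notification route. The function names, the sample config, and the acceptance of underscores in ids are assumptions; only the global alerts list is checked, not per-database overrides.

```python
import re

# Allowed values and defaults, taken from the Configuration Properties table.
ENUMS = {"severity": ({"info", "warning", "critical"}, "warning"),
         "alertOn": ({"row_found", "no_result_found"}, "row_found")}
REQUIRED = ("id", "name", "message", "query")
# Assumption: underscores are accepted in ids, as in the page's own examples.
ID_RE = re.compile(r"^[A-Za-z0-9_]+$")

def lint_config(config):
    """Lint an already-parsed config dict; return (registered_ids, problems)."""
    registered, problems = set(), []
    for i, alert in enumerate(config.get("alerts", {}).get("genericSWSAlerts", [])):
        label = str(alert.get("id", f"#{i}"))
        for key in REQUIRED:
            if not alert.get(key):
                problems.append(f"{label}: missing required property '{key}'")
        for key, (allowed, default) in ENUMS.items():
            if alert.get(key, default) not in allowed:
                problems.append(f"{label}: {key} must be one of {sorted(allowed)}")
        records = (alert.get("query") or {}).get("records") or []
        if alert.get("query") and not (records and all(r.get("recordName") for r in records)):
            problems.append(f"{label}: query.records needs a recordName on every entry")
        reg = f"generic_sws_{label}"
        if alert.get("id") and (not ID_RE.match(label) or reg in registered):
            problems.append(f"{label}: id is not alphanumeric or is a duplicate")
        elif alert.get("id"):
            registered.add(reg)
    for sub in config.get("notifications", {}).get("subscriptions", []):
        for alert_type in sub.get("alertTypes", []):
            # Built-in alert types are not listed on this page, so only generic ones are checked.
            if alert_type.startswith("generic_sws_") and alert_type not in registered:
                problems.append(f"subscription {sub.get('id')}: nothing registers '{alert_type}'")
    return registered, problems

def should_trigger(alert_on, row_count):
    """Trigger rule from the alertOn description: rows found vs. no result found."""
    return row_count > 0 if alert_on == "row_found" else row_count == 0

# Constructed sample: one invalid severity ("high") and one misspelled alert type ("deamon").
SAMPLE = {"alerts": {"genericSWSAlerts": [
    {"id": "locked_oprid_activity", "name": "Locked Admin Activity", "severity": "critical",
     "message": "Locked operator activity", "query": {"records": [{"recordName": "PSPRCSRQST"}]}},
    {"id": "scheduler_daemon_down", "name": "Scheduler Status", "severity": "high", "message": "down",
     "alertOn": "no_result_found", "query": {"records": [{"recordName": "PSSERVERDEFN"}]}},
]}, "notifications": {"subscriptions": [{"id": "critical-teams-webhooks", "alertTypes": [
    "generic_sws_locked_oprid_activity", "generic_sws_scheduler_deamon_down"]}]}}

if __name__ == "__main__":
    print(*lint_config(SAMPLE)[1], sep="\n")
```

The dict passed to lint_config is the structure a YAML parser would return for the configuration file, so the check can run before a config change is deployed.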