Overview
Streams are a set of filters that allow users to refine ActOns based on specific criteria. Users can use default streams or create custom streams to save time and effort by avoiding repetitive filter selection each time they search for ActOns with specific criteria. This feature ensures a more efficient and streamlined process for managing ActOns.
Default Streams
Default streams are visible to all users. They are available by default and include the following options for filtering ActOns:
- All Open ActOns : Displays a comprehensive list of all open ActOns.
- Closed ActOns: Includes ActOns with a status of Closed.
- Critical ActOns: Displays ActOns marked as high priority (P0) with a status of New. When a new ActOn meets these criteria, a red visual indicator appears for one minute to draw attention.
- My ActOns: Shows ActOns assigned to the logged-in user.
- New ActOns: Displays newly created ActOns with a status of New.
- Re-Investigation ActOns: Lists ActOns with new detections appended, requiring re-investigation. These ActOns appear across various stages—Investigation, Incident, Mitigation, and Clarification—and in all statuses.
- Response Due ActOns: Displays ActOns across all stages (Identify, Investigation, Clarification, Mitigation, Incident, Remediation, Resolution) and statuses, such as In Progress and On Hold.
- Scheduled Activities: Displays ActOns that are on hold due to scheduled activities.
- Unassigned ActOns: Shows ActOns that have not been assigned to any user.
For example, if a user wants to view all open ActOns, they can select the All Open ActOns stream to retrieve the open ActOns.
Custom Streams
Custom streams provide flexibility by allowing users to create streams tailored to their specific business needs. Users can apply various filters to customize their streams. The available filters include:
- ActOn Type: Filter ActOns by their type, such as Security or Digital Ops.
- Status: Filter ActOns by their current status, such as New, Acknowledged, In Progress, On Hold, Healed, Resolved and Closed.
- Priority: Filter ActOns by priority levels, such as P0 (high priority).
- Stage: Filter ActOns by their stage lifecycle.
- Functions: Filter ActOns by associated functions.
- Signal Source: Filter ActOns by the source of the signal that triggered them.
- Tags: Filter ActOns based on associated tags.
- Class and Sub-Class: Filter ActOns by their classification and sub-classification.
- Category and Sub-Category: Filter ActOns by their category and sub-category.
- Entities: Filters ActOns based on the selected entities
- Entity Groups: Filters ActOns based on the selected entity groups. ActOns linked to entities within the selected groups will be included in the results.
- Escalation Triggered: Filter ActOns that have triggered an escalation.
-
Last Updated By Filter: Filters ActOns based on who last updated the ActOns by system users and/or platform users. The available filter options include:
- Domain users: Filter ActOns last updated by users at the domain level.
- Organization users: Filter ActOns last updated by users at the domain and organization levels.
- Tenant users: Filter ActOns last updated by users at the domain, organization, and tenant levels.
-
System users are categorized into three types for filtering purposes:
- OpsAssist: A ROBO that updates ActOns by tracking ticket creation and signal additions.
- SyncAgent: Updates ActOns by tracking department changes.
- CustomActions: Updates ActOns based on changes from external systems when synced with apps such as ServiceNow, ConnectWise, JIRA, or SOAR.
- Organization – Filter ActOns by the selected organization. This filter is available only at the domain level.
- Tenant – Filter ActOns by the selected tenant. This filter is available at both the organization and tenant levels.
-
Teams and Owner – Filter ActOns based on the selected teams and owners. You can also filter for unassigned ActOns. The teams and owners displayed in the drop-down are based on the selected organization or tenant.
- If no organization or tenant is selected at the domain level, only teams created at the domain level will be visible.
- If no tenant is selected at the organization level, only teams created within your organization will be shown in the drop-down.
Custom streams enable users to save these filter configurations, making it easier to retrieve ActOns matching the criteria without manually applying filters every time. For more information, see Creating a Stream.
Custom Filter View
When navigating to an ActOn from the Signals page, users are redirected to a Custom Filter View that accurately displays the target ActOn, even if it's not part of a default stream. This ensures seamless access and visibility. The view remains active until the page is refreshed, after which it reverts to default streams.
Sub-Streams
Sub-streams are a feature within streams that enable more granular filtering. Users can create sub-streams under a parent stream, but the filters already applied in the parent stream remain intact. Sub-streams allow users to select only the filters that have not yet been applied in the parent stream. They are ideal for further narrowing down ActOns within the specific context defined by the parent stream. For more information, see Creating a Sub-Stream.
Creating a Stream
Use these steps to create a stream with a set of filters.
To create a stream:
- Navigate to Resolutions > ActOns. The ActOns home page displays all available default and custom streams.
- Click Create Stream. This opens the Create Stream popover.
- Provide the following details:
- Name: Enter a unique name for the stream.
- Description: Add a description to explain the purpose of the stream.
-
Filters: Select the filters to apply. Available filter options include:
- ActOn Type
- Status
- Priority
- Stage
- Organizations (this option is visible only at the domain level)
- Tenants (this option is visible only at the domain and organization levels)
- Functions
- Signal Source
- Tags
- Class
- Sub-Class
- Category
- Sub-Category
- Entities
- Entity Groups
- Teams and Owner
- Escalation Triggered
- Select a Team and Owner from the respective drop-downs.
- Click Save to create the stream.
Example:
If you want to view high-priority (P0) ActOns of type Security with a status of New, create a stream with these filter criteria. This will allow you to retrieve the desired ActOns directly without repeatedly applying these filters.
Managing Streams
Editing a Stream
Use this procedure to modify stream details, such as filters or descriptions.
To modify stream details:
- Navigate to Resolutions > ActOns. The ActOns home page displays all available streams.
- Hover over the stream you want to edit. The kebab menu (three dots) will appear.
- Select Edit from the kebab menu. This opens the Edit Stream popover.
- Update the stream’s details, including filters and description.
- Click Update to save the changes.
Deleting a Stream
Use this procedure to remove a stream that is no longer required.
To delete a stream:
- Navigate to Resolutions > ActOns. The ActOns home page displays all available streams.
- Hover over the stream you want to delete. The kebab menu will appear.
- Select Delete from the kebab menu. Note: Deleting a stream will also delete all its associated sub-streams.
- Confirm the deletion by clicking Yes.
Creating a Sub-Stream
Sub-streams can be created within a parent stream for granular filtering. Follow these steps to create a sub-stream:
- Navigate to Resolutions > ActOns. The ActOns home page displays all available streams.
- Hover over the custom stream where you want to create a sub-stream. The kebab menu will appear.
- Select Create Sub-Stream to open the Create Sub-Stream popover.
- Provide the following details:
-
- Name: Enter a unique name for the sub-stream.
- Description: Add a description to explain the purpose of the sub-stream.
-
Filters: Select the filters to apply for granular-level filtering. Available options include:
- ActOn Type
- Status
- Priority
- Stage
- Organizations (this option is visible only at the domain level)
- Tenants (this option is visible only at the domain and organization levels)
- Functions
- Signal Source
- Tags
- Class
- Sub-Class
- Category
- Sub-Category
- Entities
- Entity Groups
- Teams and Owner
- Escalation Triggered
Note: The filters and their selected values inherited from the parent stream are displayed. This restriction ensures the integrity of the parent stream's criteria is maintained, allowing sub-streams to focus exclusively on selecting one of the values chosen at the parent level for each filter. Additionally, sub-streams can apply new filters that were not selected in the parent stream. You can view the filters by clicking Applied Filters in the table view.
5. Click Save to create the sub-stream.
Managing Sub-Streams
Editing a Sub-Stream
Use this procedure to add or remove filters in a sub-stream.
To edit a sub-stream:
- Hover over the sub-stream to reveal the kebab menu.
- Select Edit to open the Edit Sub-Stream popover.
- Update the details and click Update to save changes.
Deleting a Sub-Stream
Use this procedure to remove a sub-stream.
To delete a sub-stream
- Hover over the sub-stream to reveal the kebab menu.
- Select Delete to remove the sub-stream permanently.
Set a Stream or Sub-stream as the Default Landing Page
You can choose any stream or sub-stream to be your default landing page when accessing the ActOns section of the platform.
To set a default landing page:
- Go to Resolutions > ActOns. The ActOns home page displays all available streams.
- Hover over the stream or sub-stream you want to set as the default. A kebab menu (three dots) will appear.
- Click the kebab menu and select Make it as landing page.
Once set, this stream or sub-stream will automatically load as the default view each time you log in and navigate to the ActOns page.
Comparing Parent Stream Filters with Sub-stream Filters
When stream filters are modified using the Edit option, these changes may impact existing sub-streams—especially if the current sub-filter selections become invalid. To indicate this, an info icon appears next to the parent stream for 24 hours, alerting you that the filters have been updated and that you should review the associated sub-stream filters.
To help you make informed changes, you can compare the updated parent stream filters with the sub-stream filters and modify the sub-stream settings as needed to refine your results.
Steps to Compare and Update Sub-stream Filters
- Go to Resolutions > ActOns. The ActOns homepage lists all available streams.
- Hover over the desired stream or sub-stream. A kebab menu (three dots) will appear.
- Click Edit to open the sub-stream popover window.
- Click the View parent stream filters link. This opens Stream creation popover window next to the sub-stream, allowing you to compare the parent and sub-stream filters side by side. If you want to view the previous version of the parent stream, you can use the Previous version option in the Stream Creation pop-over window
- Manually update the sub-stream filters based on the parent stream filters.
- Once the filters are updated, click Update to apply the changes.
Comments
0 comments
Please sign in to leave a comment.