Risk management needs to occur at the speed and scale of digital operations.
Doing so requires three fundamental shifts in the decision-making process.
- Decision-making is pushed further down in the organization, empowering everyone in an organization to make decisions rather than waiting for decisions to “flow down from headquarters”.
- Employees and managers make smarter decisions using relevant, timely insight based on actual data, rather than relying on top-down strategy, static rules, experience, or gut instinct.
- More decisions are automated away altogether—think of Amazon continually updating prices for its products throughout the day.
To support this modern style of decision-making, organizations need to store, analyze, and react to data in a fundamentally unique way.
ActOn™ is an actionable insight that results from the correlation of rules generated by the association rules engine as it processes valid data from different monitoring systems.
Functionally, ActOns are classified into the following types.
Resolutions is a centralized place where you can view detailed information about an ActOn, including its status, date of creation, summary, and who is responsible for taking action on it.
ActOn Integrations
Once an ActOn is generated in the portal, Resolution Intelligence Cloud lets you generate the corresponding tickets through downstream integrations with ITSM tools (including Jira and ServiceNow) and security tools (including Chronicle SOAR).
To use ActOn integrations, subscribe to the Resolutions plan after you have registered with Resolution Intelligence Cloud. Visit this page for more details on available plans.
Features of ActOns
- Enable security analysts to prioritize what is important and decide when to take the actions needed to mitigate the risk posed by threats from the external environment.
- Ensure effective communication, such as automated emails and scripted responses, among the users of an organization.
- Assign ActOns to the appropriate individual or group so that they are notified in real time.
- Enable automatic routing of similar signals and SLA tracking.
- Build consistency and confidence in the support process of an organization.
- Provide visibility and reporting dashboards by type, class, status, and priority.
ActOns Inception
Most Situations are resolved automatically, but some Situations turn into ActOns and trigger notifications to IT Ops and NOC teams so that they can remediate them and prevent extreme outages in your IT infrastructure.
Resolution Intelligence Cloud takes in data from integrated monitoring systems and normalizes it into key-value pairs called tags. Situations contain different tags that provide logic and enrichment to the ActOns.
Tags are a vital part of the ActOns management process, adding context and details to your ActOns, enabling better automation and faster troubleshooting. Tags are driven by both automatic Situation enrichment formulas, and manual updates from team members through the UI.
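As an added illustration (not Resolution Intelligence Cloud's own code), the sketch below shows the general idea of normalizing events from two monitoring sources into tags and correlating them, so that related signals yield one ticket candidate instead of several. The source names, field mappings, the host-based correlation key, and the "any critical signal" escalation rule are all assumptions.

```python
from collections import defaultdict

# Hypothetical per-source field mappings (assumption, not the product's schema).
FIELD_MAP = {
    "monitor_a": {"hostname": "host", "check": "check", "state": "severity"},
    "monitor_b": {"resource": "host", "alarm": "check", "level": "severity"},
}
SEVERITY = {"CRIT": "critical", "ALARM": "critical", "WARN": "warning", "OK": "ok"}


def normalize(source, event):
    """Flatten one raw event into tags: a dict of string key/value pairs."""
    tags = {"source": source}
    for raw_key, tag_key in FIELD_MAP[source].items():
        if raw_key in event:
            tags[tag_key] = str(event[raw_key]).strip().lower()
    tags["severity"] = SEVERITY.get(tags.get("severity", "").upper(), "unknown")
    return tags


def correlate(signals, keys=("host",)):
    """Group signals that share the same values for `keys` into one situation."""
    situations = defaultdict(list)
    for i, tags in enumerate(signals):
        key = tuple(tags.get(k) for k in keys)
        if None in key:  # missing correlation tag: never merge blindly
            key = ("uncorrelated", i)
        situations[key].append(tags)
    return dict(situations)


def to_actons(situations):
    """Assumed escalation rule: a situation with any critical signal needs a human."""
    return [
        {"key": key, "signals": len(sigs),
         "sources": sorted({s["source"] for s in sigs})}
        for key, sigs in situations.items()
        if any(s["severity"] == "critical" for s in sigs)
    ]


# Constructed sample events, not real product data.
RAW_EVENTS = [
    ("monitor_a", {"hostname": "db01", "check": "disk", "state": "CRIT"}),
    ("monitor_b", {"resource": "DB01", "alarm": "cpu_high", "level": "ALARM"}),
    ("monitor_a", {"hostname": "web02", "check": "load", "state": "WARN"}),
    ("monitor_b", {"alarm": "latency", "level": "ALARM"}),  # no host tag
]


def run_example():
    signals = [normalize(src, ev) for src, ev in RAW_EVENTS]
    return to_actons(correlate(signals))
```

The two `db01` signals collapse into one candidate because their host tags match after normalization, while the event without a host tag stays in its own group rather than being merged with unrelated signals.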
Viewing ActOns
View ActOn™ details in the Resolutions --> ActOns feed. Prioritize, assign, resolve, make active or inactive, add to the watch list, and comment on ActOns to streamline your team's collaboration and resolve issues faster.
While you are working on an ActOn, you can open another ActOn in isolation mode by clicking the ID of the ActOn that you would like to open.
On the ActOns cards page, you can differentiate between Digital Ops and Security ActOns by looking at the card layout.
Viewing ActOn Details
- To view the ActOns feed, click on Resolutions --> ActOns.
- Click an ActOn in the feed. The ActOn details appear in the right pane.
- Click the corresponding icon to enlarge or collapse the ActOn display area.
- Title: The ActOn title is derived from the types of signals that are correlated by the correlation rules.
- ActOn ID: A discrete number assigned to an ActOn that is created from the internal monitoring system. Click the ActOn ID to see the Status, Priority, Owner, Classification, tags, etc.
- Signal ID: These signals are relevant to each other and are correlated by a rules engine to prevent the creation of multiple tickets. Click a Signal ID to view details such as the signal's current status, source, total number of occurrences, signal type, and how many hours it has been open since the signal was created.
- Organizations: A list of organizations that are entitled to an ActOn.
- Tenants: A list of tenants that are notified of an ActOn.
- Situation ID: The ID of the Situation that was converted into an ActOn.
- Jira ID: The ID of the ticket generated from the Jira integration.
- ServiceNow ID: The ID of the incident generated from the ServiceNow integration.
- Click Up or Down arrows to show or hide the details such as ticket subtype, ActOn duration, signal incoming time, ActOn last updated, resolution time, class, sub-class, category, sub category, and classification of an ActOn.
- At the top left of an ActOn, the Status (New, Acknowledged, Closed) is displayed.
- Assign Priority: You can assign a Priority level to an ActOn to distinguish which ActOns need attention first. To assign Priority to an ActOn, select one of the priorities from the drop-down at the top of the ActOn.
- Assign Owner: By default, the Auto validation system assigns ROBO as the Owner. However, you can assign a new Owner to an ActOn to notify the respective personnel to take action on it. To assign an Owner, click Owner at the top of the ticket and assign yourself, or search for and select a user using the search bar. Refer to this article to learn what actions ROBO can perform in order to resolve or close the ActOn.
- Create War Room: Click Create War Room at the top of the ticket to initiate a call among the users who are assigned tasks, so that the ticket can be solved quickly.
- View Participants: Click to view how many participants are involved in solving a problem and who they are. You can also invite new members, to notify them about the ActOn, using the Find Users to add field.
- Comment on ActOn: To interact with the other participants of an ActOn, click and enter your message in the Post Message field, then click Update Ticket to post your comments. You can make your message Private or Public by enabling or disabling the lock button.
- Open an ActOn.
- On the ActOns page, click Visibility at the top right corner. A list of tenants appears.
- Select one or more tenants and click Save.
ActOn Status
The signal status is determined by the most recent update received from the source monitoring system. The status of an ActOn is determined by the severity of each situation.
ActOn status levels are:

| Status | Description |
|---|---|
| New | The ActOn has arrived recently and has not yet been acknowledged by the support team. |
| Open | The ActOn was generated some time ago and no action has been taken yet. |
| On hold | Put on hold because the team is awaiting evidence, awaiting the user, etc. |
| Closed | Remediation has been carried out and the issue is resolved. |
| Response Due | Added to an ActOn when there has been no response on the ActOn from the support team and the ticket is past its First response SLA. |
| Scheduled | The schedule is open for work to be performed. |
| Self Heal | The ActOn was resolved on its own. |
| Waiting for Customer Inputs | Work is in progress but is on hold awaiting customer inputs. |
| Work in Progress | The ActOn is acknowledged and work on it has started. |
Priorities and their respective colors are assigned to each ActOn based on the score calculated from impact, likelihood, and confidence factors.

| Priority | Color | Description |
|---|---|---|
| P4 | Green | The ActOn is resolved and there is no impact on the asset. |
| P3 | Yellow | The monitoring system has detected an issue. For example, CPU cache is low. |
| P2 | Light Orange | The ActOn has been acknowledged in the source system or the monitored object is under scheduled maintenance. |
| P1 | Orange | The monitoring system has detected a serious problem. For example, a service is unavailable, or a maximum usage threshold has been exceeded. |
| P0 | Red | A potential issue is detected that poses a serious impact on assets if not resolved within the SLA period. |