Working with ActOns

  • Updated

    Risk management needs to occur at the speed and scale of digital operations. 

    Doing so requires three fundamental shifts in the decision-making process.

    • Decision-making is pushed further down in the organization, empowering everyone in an organization to make decisions rather than waiting for decisions to “flow down from headquarters”.
    • Employees and managers make smarter decisions using relevant, timely insight based on actual data, rather than relying on top-down strategy or static rules or experience or gut instinct.
    • More decisions are automated away altogether—think of Amazon continually updating prices for its products throughout the day.

    To support this modern style of decision-making, organizations need to store, analyze, and react to data in a fundamentally unique way.

    ActOnTM is an actionable insight which is resulted from the correlation of rules generated using the association rules engine by processing valid data from different monitoring systems. 

    Functionally, ActOns are classified into the following types.

    Resolutions is a centralized place where you can view the detailed information including the status, date of creation, summary and who is responsible for taking action against an ActOn.

    ActOn Integrations

    Resolution Intelligence Cloud empowers you to generate a respective tickets via successful down stream integrations of ITSM (includes Jira, and ServiceNow) and Security (includes Chronicle SOAR) once an ActOn is generated in our portal.

    To avail ActOn integrations, subscribe to Resolutions plan after you have registered with Resolution Intelligence Cloud. Visit this page for more details on available plans. 

    Features of ActOns

    • Enable the security analysts to prioritize what is important and when to take necessary actions to mitigate the risk posed by threats from external environment.
    • Ensure effective communications such as - Automated emails and Scripted responses among the users of an organization.
    • Assign to respective individual or a group in an effective manner to notify in real-time.
    • Enable automatic routing of similar signals, and SLA tracking.
    • Build the consistency and confidence in the support process of an organization.
    • Provide visibility and reporting dashboards by type, class, status, and priority.

    ActOns Inception

    Most Situations are resolved automatically, but some Situations turn into ActOns and trigger notifications to IT OPs and NOC teams in order to remediate them and prevent extreme outages in your IT infrastructure. 

    Resolution Intelligence Cloud takes up data from integrated monitoring systems and normalizes it into a pair of key and value called tags. Situations contain different tags (a pair of key and value) that provide logic and enrichment to the ActOns. 

    Tags are a vital part of the ActOns management process, adding context and details to your ActOns, enabling better automation and faster troubleshooting. Tags are driven by both automatic Situation enrichment formulas, and manual updates from team members through the UI.

    Viewing ActOns

    View ActOnTM details in the Resolutions --> ActOn's feed. Prioritize, assign, resolve, make active or inactive, add to watch list and comment on ActOns to streamline your team's collaboration and resolve issues faster.

    You can open another ActOn in an isolation mode while you are working on it by clicking on an ActOn ID that you would like to open.

    On the ActOns cards page, you can differentiate between Digital Ops and Security ActOns by looking at the cards layout.

    mceclip0.png

    Viewing ActOn Details

    1. To view the ActOns feed, click on Resolutions --> ActOns.
    2. Click an ActOn in the feed. The ActOn details appear in the right pane.
    3. Click mceclip0.png or mceclip2.png to enlarge or converge an ActOn display area.
    4. Title: The ActOn title emerges from the type signals which are correlated as a result of correlation rules.
    5. Acton ID: ActOn ID is a discrete number assigned to an ActOn that is created from the internal monitoring system. Click on ActOn ID to know about the Status, Priority, Owner, Classification, tags, etc.
    6. Signal ID: These signals are relevant to each other and correlated by a rules engine to prevent the creation of multiple tickets. Click on a Signal ID to view the details such as the signal's current status, source, the total number of occurrences, signal type, and opened for how many hours since the signal is created.
    7. Organizations: A list of organizations which are entitled to an ActOn
    8. Tenants: A list of tenants which are notified of an ActOn
    9. Situation ID: An ID of a situation which is converted as an ActOn
    10. Jira ID: An ID of ticket generated from Jira integration
    11. ServiceNow ID: An ID of incident generated from ServiceNow integration
    12. Click Up or Down arrows to show or hide the details, such as ticket subtype, ActOn duration, signal incoming time, ActOn last updated, resolution time, class, sub-class, category, sub category, and classification of an ActOn.
    13. At the top left of an ActOn, the Status (New, Acknowledged, Closed) is displayed.
    14. Assign Priority: You can assign a Priority level to ActOn to distinguish which ActOns need attention first. To assign Priority to an ActOn, select one of the priorities from the drop-down on top of the ActOn.

    Picture20.png

    9. Assign Owner: By default, Auto validation system assigns the ROBO as a Owner. However, you can assign a new Owner to an ActOn to notify the respective personnel to take action against an ActOn. To assign Owner, click Owner on top of the ticket and assign yourself or search and select a user using the search bar. Refer this article to know what actions a ROBO can perform in order to resolve or close the ActOn.

    Picture21.png

    10.Create War Room: Click Create War Room on the top of the ticket to initiate a call among the users who are assigned several tasks to solve a ticket quickly.

    11.View Participants: Click Picture22.png to view how many and who are the participants involved in order to solve a problem. Also, you can invite new members to notify them about the ActOn using Find Users to add field.  

    Picture23.png

    12.Comment on ActOn: To Interact with the other participants of an ActOn, click and enter your message in the Post Message field and click Update Ticket to post your comments. You can make your message Private or Public by enabling or disabling the lock button.

    Picture6.png
    13. Visibility: The Domain and Organization level users can add their tenants and notify them about an ActOn being added.
    To add ActOn visibility to tenants:
    1. Open an ActOn
    2. In the ActOns page, click Visibility at the top right corner
      A list of tenants appears.
    3. Select one or more tenants and click Save to update the changes. 

    mceclip1.png

    ActOn Status

    The signal status is determined by the most recent update received from the source monitoring system. The status of an ActOn is determined by the severity of each situation.

    By default, an ActOn is assigned with any one from the following statuses. However, you are free to change the status of an ActOn to the status you desire anytime once you create the new statuses or rename the existing statuses.

    Status

    Description

    New

    ActOn has arrived recently and not yet acknowledged by the support team

    Open

    ActOn is generated some time ago and an action is yet to be taken.

    On hold

    Put on hold due to awaiting evidence, awaiting for user etc.

    Closed

    Remediation has taken and resolved the issue.
    Response Due

    Gets added to an ActOn when there is no response on the ActOn by the support team and the ticket is past its First response SLA.

    Scheduled
    The schedule is open for work to be performed.

    Self Heal
    ActOn got resolved on its own.

    Waiting for Customer Inputs
    Work is in progress but put on hold to receive customer inputs.

    Work in Progress
    ActOn is acknowledged and started working on it.

    Priorities and their respective colors are assigned to each ActOn based on the score calculated from impact, likelihood, and confidence factors.

    Priority

    Color

    Description

    P4

    Green

    ActOn is resolved and has no impact on the asset.

    P3

    Yellow

    The monitoring system has detected an issue. For example, CPU cache is low.

    P2

    Light Orange

    The ActOn has been acknowledged in the source system or the monitored object is under scheduled maintenance.

    P1

    Orange

    The monitoring system has detected a serious problem. For example, a service is unavailable, or a maximum usage threshold has been exceeded.

    P0

    Red

    A potential issue is detected and poses a serious impact on assets if not resolved within the SLA period.

    Changing status of an ActOn

    You have the flexibility to tailor the existing statuses to match your specific needs and workflows of your organization. You can often modify existing ones to align with your business requirements which ensure collaboration and productivity. Before changing the status, you should configure your desired status by using Configurable Statuses procedure.

    To change the existing status to a new one,

    1. Navigate to Resolutions --> ActOns.
      ActOns home page opens.
    2. Click the ActOn in which you would prefer to change the status.
    3. Click Status located below the ActOn name.
      A dropdown menu opens where you can find the statuses that you have configured.
    4. Select your desired status and click Apply.
      Your desired status will be assigned to that ActOn.

    Picture2.png.

    Quick Links

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.