This article gives an overview of signals, their purpose, their components, and how those components relate to each other.
A signal is an event received from multiple sources when it qualifies for Resolution Intelligence Cloud's signal buffering mechanism. Signals originate from various sources through third-party integration systems.
With signals, you can start detecting issues before they become critical. Signals alert you to unusual behavior in data, route notifications to the right people, and let you make decisions knowing the root cause of an issue.
Note: Resolution Intelligence Cloud does not allow you to push signals into ITSM (Jira and ServiceNow) and security (Chronicle SOAR) integrations directly.
Navigating the Signals Home page
Resolution Intelligence Cloud provides an interactive UI where you can explore deeper details on each signal that you encounter in your IT infrastructure.
To view the Signals home page:
- On the Resolution Intelligence Cloud home page, hover over the hamburger menu icon.
- Navigate to Resolutions --> Signals from the left menu bar.
The signal home page appears.
You can find the following features on the Signals home page:
Searching signals
You can search for a signal by title, source, or signal ID using the search field at the top of the Signals home page.
Filtering Signals
Filter the signal list interactively to find and investigate the signals you are interested in. The following quick filters are available.
Date: Displays signals by the date on which they were generated. The default is one month; you can select any From date and To date to get the signals you need.
- Last 24 Hours: Signals aggregated over the last 24 hours are displayed.
- Last 7 days: Signals aggregated over the last 7 days are displayed.
- Last 1 month: Signals aggregated over the last 1 month are displayed.
- Last 3 months: Signals aggregated over the last 3 months are displayed.
- Custom: Click to display the Custom Date Range dialog, which you can use to define a specific date period (start date and end date) for displaying signals data.
Signal State: Displays the signals based on the state (i.e., Closed, Correlated, New, Open, Suppressed, and Ticketed).
Signal Source: Displays the signals that originate from sources such as OpsRamp, AWS, Azure, and Chronicle.
Signal Priority: Displays the signals based on the priority assigned to each signal. You can select the following priorities to filter signals:
Priority | Response SLA | Resolution SLA |
P0 (Critical) | 15 mins | 4 Hrs |
P1 (High) | 2 hrs | 1 day |
P2 (Medium) | 4 hrs | 2 days 12 hrs |
P3 (Low) | 1 day | 5 days |
Signal Category & Sub-category: Displays the signals based on the category and sub-category that the signal belongs to.
Functions: Displays signals based on the selected function.
Click the Reset button to revert to the default listing page.
Note: You can select one or more filters to get your desired signals.
Managing Columns
With the manage columns feature, you can control which columns are included in or removed from the Signals home page for an enhanced view.
Exporting signals
On the Signals page, you can export all signals listed on the page using the Export button available at the top. A CSV file is downloaded to your local drive.
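One way to triage an exported file against the Response and Resolution SLA targets in the Signal Priority table, as an added example that is not part of the product or its documentation. The CSV column names, the timestamp format, and the rule for which states stop the SLA clock are assumptions; the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# (response SLA, resolution SLA) copied from the Signal Priority table.
SLA = {
    "P0": (timedelta(minutes=15), timedelta(hours=4)),
    "P1": (timedelta(hours=2), timedelta(days=1)),
    "P2": (timedelta(hours=4), timedelta(days=2, hours=12)),
    "P3": (timedelta(days=1), timedelta(days=5)),
}

# Constructed sample export. Column names and timestamp format are
# assumptions; match them to the header row of the real CSV.
SAMPLE_CSV = """Signal ID,Title,Created On,Priority,Status
SIG-1,Constructed sample A,2024-05-01 09:00:00,P0,New
SIG-2,Constructed sample B,2024-05-01 08:00:00,P1,Open
SIG-3,Constructed sample C,2024-04-28 09:00:00,P2,Ticketed
SIG-4,Constructed sample D,2024-04-20 09:00:00,P3,Closed
SIG-5,Constructed sample E,2024-05-01 09:50:00,P0,New
"""

def sla_breaches(csv_text, now):
    """Return [(signal_id, breach_kind, overdue)], most overdue first."""
    breaches = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Tolerate labels such as "P0 (Critical)" and empty cells.
        label = (row["Priority"].split() or [""])[0]
        if label not in SLA:
            continue  # no SLA target listed for this priority
        status = row["Status"].strip()
        if status in ("Closed", "Suppressed"):
            continue  # assumption: these states stop the SLA clock
        response, resolution = SLA[label]
        age = now - datetime.strptime(row["Created On"], "%Y-%m-%d %H:%M:%S")
        if age > resolution:
            breaches.append((row["Signal ID"], "resolution", age - resolution))
        elif status == "New" and age > response:
            # assumption: a signal still in New has had no response yet
            breaches.append((row["Signal ID"], "response", age - response))
    return sorted(breaches, key=lambda b: b[2], reverse=True)

if __name__ == "__main__":
    for sid, kind, overdue in sla_breaches(SAMPLE_CSV, datetime(2024, 5, 1, 10, 0)):
        print(f"{sid}: {kind} SLA exceeded by {overdue}")
```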
Refresh
Click the Refresh icon to sync the latest signals to the platform. If you do not click Refresh, the signals are synced to the platform automatically every 30 seconds.
Exploring Signals page
The signals page contains different component details, which vary based on the signal source, such as OpsRamp and Google Chronicle.
To explore the signal details:
- On the Resolution Intelligence Cloud home page, hover over the hamburger menu icon.
- Navigate to Resolutions --> Signals from the left menu bar.
  The signal home page appears.
- Click on a signal ID in the ID column.
  The signal details appear in a new tab.
- Review the basic details of each signal which originates from OpsRamp or Google Chronicle.
Field | Description |
Signal ID | ID of a signal |
Title | Name of a signal. It is generated based on the number of events triggered by the source. |
Created On | The date and time at which a signal is triggered. |
Updated On | The date and time at which a signal is updated. |
Priority | Priority of a signal from P0 to P4 |
Status | Status of a signal (Acknowledged, Closed, Correlated, New, Open, Suppressed, and Ticketed) |
Signal Source | Internal source from which the signal originated |
Original Source | External source from which the signal originated |
ActOn ID | ID of an ActOn to which a signal is correlated and merged |
External Signal ID | External ID of a signal |
Heal time | The time taken for a signal to self-heal |
Total Number of Occurrences | Total number of times a similar signal is generated |
Primary Service | A service that a signal belongs to |
Organization ID | ID of an Organization that a signal belongs to |
Organization Name | Name of an Organization that a signal belongs to |
Tenant ID | ID of a Tenant that a signal belongs to |
Tenant Name | Name of a tenant that a signal belongs to |
Description | It consists of a summary, event URLs, and Device URLs |
Signal Information | It consists of entity type, signal type, event type, status, state, metric, resource name, resource type, signal class, subclass, service levels, Tactic, Technique, Source IP, Destination IP, event count, flow count, event category, log sources, rules applied |
Function Info | Name of a primary function and the scope of a signal (Organization or Tenant) |
Situation Info | Consists of ID of a situation to which a signal is correlated |
Assets | Name and ID of an entity from which the signal is generated. Click on this ID to go to the respective entity page. For entity details, refer to the Viewing a specific entity article. |
Correlation Info | Name and ID of the rules used to correlate a signal with other similar signals |
Actions | Actions performed on a signal at organization or at tenant levels |
Timeline | Shows the different timelines at which an action is performed on a signal (either manual or system) |
The following figures show the signal details that originate from OpsRamp.
The following figures show the signal details that originate from Google Chronicle. On the right, the UDM fields show details relevant to the signal, such as the Principal User, Target User, Principal IP location, Principal IP Organization, Severity, Target IP location, Target IP Organization, Target Administrative Domain, Event Type, Principal hostname, etc.