A signal is an event received from one of multiple sources that qualifies under Resolution Intelligence Cloud's signal buffering mechanism. Signals originate from various sources through third-party integration systems.
With Signals, you can start detecting issues before they become critical. Signals alert you to unusual behavior in data, route notifications to the right people, and let you make decisions while knowing the root cause of an issue.
Resolution Intelligence Cloud does not allow you to push signals into ITSM (Jira and ServiceNow) and Security (Chronicle SOAR) integrations directly.
Exploring Signals
Resolution Intelligence Cloud provides an interactive UI where you can explore deeper details on each signal that you encounter in your IT infrastructure. The signals page contains different component details, which vary based on the signal source (for example, OpsRamp and Google Chronicle).
To explore a signal:
- Navigate to Resolutions --> Signals from the dropdown. A signal listing page appears.
- Click any signal ID that you would like to explore. A signal page appears in a new tab.
- Review the basic details of each signal that originates from OpsRamp.
Field | Description |
Signal ID | ID of a signal |
Title | Name of a signal. It is generated based on the number of events triggered from the source. |
Created On | The date and time at which a signal is triggered. |
Updated On | The date and time at which a signal is updated. |
Priority | Priority of a signal, from P0 to P4 |
Status | Status of a signal (Acknowledged, Closed, Correlated, New, Open, Suppressed, and Ticketed) |
Signal Source | Internal source from which the signal originated |
Original Source | External source from which the signal originated |
ActOn ID | ID of the ActOn to which a signal is correlated and merged |
External Signal ID | External ID of a signal |
Heal time | The time taken for a signal to self-heal |
Total Number of Occurrences | Total number of times a similar signal is generated |
Primary Service | The service that a signal belongs to |
Organization ID | ID of the Organization that a signal belongs to |
Organization Name | Name of the Organization that a signal belongs to |
Tenant ID | ID of the Tenant that a signal belongs to |
Tenant Name | Name of the Tenant that a signal belongs to |
Description | Consists of a summary, event URLs, and device URLs |
Signal Information | Consists of entity type, signal type, event type, status, state, metric, resource name, resource type, signal class, subclass, service levels, Tactic, Technique, Source IP, Destination IP, event count, flow count, event category, log sources, and rules applied |
Service Info | Name of the primary service and the scope of a signal (Organization or Tenant) |
Situation Info | ID of the situation to which a signal is correlated |
Assets | Name and ID of the device from which a signal is generated |
Correlation Info | Name and ID of the rules involved in correlating a signal with other similar signals |
Actions | Actions performed on a signal at the organization or tenant level |
Timeline | Shows the times at which an action was performed on a signal (either manual or system) |
The following figures show the signal details that originate from OpsRamp.
The following figures show the signal details that originate from Google Chronicle. On the right, the UDM fields show details relevant to the signal, such as Principal User, Target User, Principal IP location, Principal IP Organization, Severity, Target IP location, Target IP Organization, Target Administrative Domain, Event Type, Principal Hostname, etc.
In addition to the basic details, you can perform some actions in the signals feed which are described as follows.
Pivot View: With the Pivot button, you can quickly summarize the signal data in a desired format and detect data trends that you cannot determine otherwise. Pivot view uses metrics and dimensions to determine the signal category, subcategory, and signal count.
Export signals: On the Signals page, you can export all signals listed on the page using the Export button available at the top. A CSV file is downloaded to your local drive.
Search a signal: You can search for a signal by name or ID using the search field at the top of the signal listing page.
Filtering Signals
Customize your signals view interactively to find and investigate a signal that you are interested in. The following quick filters help you filter the signals.
Date: Displays signals by the date on which they were generated. The default is one month; however, you can select any From date and To date to find the signals you need.
- Last 24 Hours: Situations aggregated over the last 24 hours are displayed.
- Last 7 days: Situations aggregated over the last 7 days are displayed.
- Last 1 month: Situations aggregated over the last 1 month are displayed.
- Last 3 months: Situations aggregated over the last 3 months are displayed.
- Custom: Click to display the Custom Date Range dialog, which you can use to define a specific date period (start date and end date) for displaying Situations data.
Signal Status: Displays the signals based on their status (that is, Acknowledged, Closed, Correlated, New, Open, Suppressed, and Ticketed).
Signal Priority: Displays the signals based on the priority assigned to each signal. You can select the following priorities to filter signals.
Priority | Response SLA | Resolution SLA |
P0 (Critical) | 15 min | 4 Hrs |
P1 (High) | 2 hrs | 1 day |
P2 (Medium) | 4 hrs | 2 days 12 hrs |
P3 (Low) | 1 day | 5 days |
Signal Category & Sub-category: Displays the signals based on the category and sub-category that a signal belongs to.
Under More filters, you can find additional options, including the following.
Signal Source: Displays the signals that originated from sources such as OpsRamp, AWS, and Azure Chronicle etc.
Signal Class: Filters the signals based on the class they belong to. For example, Applications, Compute, and Communication etc.
Organization: Displays the signals based on the Organization it belongs to.
Tenant: Displays the signals based on the Tenant it belongs to.
Signal Metric: Displays the signals based on its relevant metrics like AD_Global_Catalogue_Search.
Click the Reset button to revert to the default listing page.
Note: You can select one or more filters to get your desired signals.
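The Export button and the priority SLA table above can be combined offline. The following is an added example, not code from Resolution Intelligence Cloud: it reads an exported CSV, counts signals per category as the Pivot view does, and flags signals that have outlived their Response or Resolution SLA. The column names, the timestamp format, the sample rows, and the reading of statuses (New means no response yet; Closed and Suppressed need no action) are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# (Response SLA, Resolution SLA) copied from the priority table on this page.
# The table has no row for P4, so P4 signals are never flagged.
SLA = {
    "P0": (timedelta(minutes=15), timedelta(hours=4)),
    "P1": (timedelta(hours=2), timedelta(days=1)),
    "P2": (timedelta(hours=4), timedelta(days=2, hours=12)),
    "P3": (timedelta(days=1), timedelta(days=5)),
}

# Constructed sample export; column names and timestamp format are assumptions.
SAMPLE_CSV = """Signal ID,Priority,Status,Created On,Signal Category
SIG-1,P0,New,2024-05-01 10:00:00,Network
SIG-2,P1,Acknowledged,2024-05-01 09:00:00,Network
SIG-3,P2,Open,2024-04-28 08:00:00,Security
SIG-4,P4,New,2024-04-01 00:00:00,Security
SIG-5,P3,Closed,2024-04-01 00:00:00,Compute
"""

def triage(csv_text, now):
    """Return (breaches, pivot): SLA breach per signal ID and count per category."""
    breaches, pivot = {}, {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        category = row["Signal Category"]
        pivot[category] = pivot.get(category, 0) + 1
        # Accept both "P0" and "P0 (Critical)" spellings of the priority.
        windows = SLA.get(row["Priority"].strip()[:2])
        if windows is None or row["Status"] in ("Closed", "Suppressed"):
            continue  # no SLA defined for this priority, or no action pending
        response, resolution = windows
        age = now - datetime.strptime(row["Created On"], "%Y-%m-%d %H:%M:%S")
        if age > resolution:
            breaches[row["Signal ID"]] = "resolution"
        elif row["Status"] == "New" and age > response:
            breaches[row["Signal ID"]] = "response"
    return breaches, pivot

if __name__ == "__main__":
    print(triage(SAMPLE_CSV, datetime(2024, 5, 1, 10, 30)))
```
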