Digital Ops ActOns consist of the following tabs, and each tab provides you with critical information about an ActOn.
- Impacted Functions: This tab shows the list of functions that are associated with the ActOn. In this tab, you can filter the listed functions by
- Timeline: The timeline allows you to visualize the life cycle of an ActOn, which helps you understand the behavior of a signal. The timeline also shows the history of status changes that are related to ActOn. Each dot on the timeline denotes a status change.
- Relevant ActOns: These ActOns might be generated due to a change that occurred in the life cycle of an ActOn when you solve a problem associated with that ActOn. This section lets you see if any relevant ActOns are generated and what action to take against such ActOns to resolve a problem. You can filter the relevant ActOns by entities that are associated with an ActOn and duration.
- Summary: The summary gives you an overview of the ticket details without going through the comments available in the ticket. This summary is automated using an automated ticketing system. You can edit the existing summary using Edit. If no summary is available for an active ticket, you can include a summary by clicking on the Add Summary button. You can always use the copy-to-clipboard option to copy the text summary.
- Correlated Signals: These signals are relevant to each other and correlated by a rules engine to prevent the creation of multiple tickets. Click on a Signal ID to view the details, such as the signal's current status, source, the total number of occurrences, signal type, and opened for how many hours since the signal is created.
Delinking a signal from an ActOn
Use this procedure to delink a signal from an ActOn. Note that you cannot delink the primary signals.
-
Click on a Digital Ops ActOn. This displays different tabs.
-
Click the Correlated Signals tab to see the primary and secondary signals associated with the ActOn.
-
Click on the kebab menu corresponding to an ActOn and select Delink Signal. This opens the Delink Signal from ActOn side panel.
-
Select the reason. Possible values:
- Create Domain-Specific ActOn: Create an ActOn specific to the domain of the signal, as signals related to different technical teams or departments got correlated.
- Signal Got Self-Healed: The issue that triggered the signal got self-healed without any intervention from the SOC team.
- Unrelated Signal: Signals were correlated based on matching rules, but their intended correlation was inaccurate.
- Signal Can Be Ignored: Exclude signals identified as false positives.
- Others: Any other reasons not covered by the previous options. Selecting this will display a text field where you can specify the exact reason for delinking this signal from the current ActOn.
-
Select Link to New ActOn or Link to an Existing ActOn. If you want to link the signal to an existing ActOn, this shows the list of ActOns that are already created.
-
Select the radio button corresponding to the ActOn to which you want to link the signal. To find the specific ActOn to which you want to link, you can either search by ActOn ID or Title in the search box.
-
Click Submit.
Marking a signal as Root cause signal
Use this procedure to mark or unmark the signal as the root cause signal. These root cause signals are the ones that are responsible for the formation of an ActOn.
-
Click on a Digital Ops ActOn. This displays different tabs.
-
Click the Correlated Signals tab to see signals associated with the ActOn.
-
Click on the kebab menu corresponding to an ActOn and select Mark as Root Cause.
-
Entities: Entities are the assets or domain names from which an issue is raised and a signal is generated, respectively, for that issue. You can see the name, type of asset, and type of operating system that runs on a device.
- Escalations: Escalations provide details such as the primary on-call responder, the type of functions involved, and the status of the escalation policies that are linked to an ActOn. For more information on escalations, refer to this article.
-
Activity:The activity allows you to add notes and check the activities performed by the user on this ActOn.
-
Notes: Notes are the comments given by the users who are involved in remediating the ActOn. Notes are classified as:
- Work Notes: These comments are visible to an external audience. By default, these are synced to external ITSM and SOAR platforms.
- Internal Notes: These comments are visible to company-specific users only and are not synced to external ITSM and SOAR platforms.
- Resolution Notes: These comments are updated when an ActOn is resolved. External ITSM or SOAR platforms have to be updated in their resolution notes, and their status has to be changed to resolved.
-
Notes: Notes are the comments given by the users who are involved in remediating the ActOn. Notes are classified as:
Creating Notes
You can create your notes by using the types described above.
To create Notes,
-
- Under the Activity tab, click Notes.
- Select the type of note you want to post from the drop-down menu. Possible values:
- Work Note
- Internal Note
- Resolution Note
- Select a predefined template or enter your comments and the time spent on the ActOn in minutes or hours.
- Click Post.
You can access the 'All Notes' drop-down menu, which allows you to filter notes by type, such as Work Note, Internal Note, or Resolution Note. Select the check boxes corresponding to the note types you want to view.
Viewing the history
To view history,
1. Under the Activity tab, click History. This shows the activities performed by the user on this particular ActOn.
2. Review this information:
Message: The message states the activity performed.
User: The user who performed the activity.
Activity Time: The timestamp of the activity.
There is manage columns button using which you can change the order of the columns or select the columns you want to view.
-
ActOn Analyzer:Assesses your questions specific to an ActOn and provides you with relevant answers such as summaries, notes, user details, correlated signals, impacted asset details, and more to mitigate an ActOn.
- Available options on ActOn analyzer include:
- Copy to Clipboard: Allows you to quickly copy AI-generated responses to your clipboard for easy pasting and sharing.
- Start Again: Clears the entire chat session, enabling you to start a new session with a fresh query box.
- Delete Option: Enables you to delete a specific response from the chat by clicking the delete icon next to the response.
- Thumbs Up/Thumbs DownProvides a way to give feedback on each AI-generated response, indicating whether you are satisfied or not satisfied with the answers received.
- Available options on ActOn analyzer include:
- Tasks: Tasks allow you to break the bigger problems into smaller chunks, which in turn help you collaborate among multiple stakeholders to resolve a problem associated with the ActOn.
You can create a task using the following steps:.
- Click next to the tasks. A window appears on the screen.
- Select User in the Assign To field.
- Select a Category from the drop-down menu.
- Enter Start and Due Date.
- Type the Name of your Task (Mandatory).
- Type the Description.
- Click SUBMIT.
After adding a task, you are free to verify the details of the task.
To verify task details,
-
- Click Tasks at the top right of an ActOn
A task list appears - Click on a task that you would like to verify
A window appears at the bottom of your screen - Click to minimize or X to close the window
- Click Tasks at the top right of an ActOn
Comments
0 comments
Please sign in to leave a comment.