Situation titles give you insight into the related signals and their scope. Titles are generated from the correlation of related signals and how each signal impacts the health of a device, to help prevent damage.
Detailed Situation titles give you insight into:
- Situation Impact: Which part of the infrastructure is impacted by the situation. For example, see whether a single server is down or an entire cluster.
- Correlation Pattern: Which patterns apply and why signals are clustered together, which helps you investigate a problem.
- Related signals: Gives you a summary of all related signals listed on the situations feed.
- Priority: Priority is determined by the correlation rules and pattern logic based on the severity of the problem.
- Status: Tells you whether the situation is acknowledged, closed, work in progress, or open.
How Situation Titles Work
Situation titles are generated using the following logic:
- Main Title - Gives you the title of a situation based on the type of signals grouped together. For example, if the situation is related to security, the title is framed as a security situation of a server. The title updates for the first 50 signals that are correlated to form a Situation.
- Summary - Summarizes the signals that are part of a situation. The summary includes the following details:
  - Signal Name: Name of each signal.
  - Signal Start Time: The time at which the signal is initiated.
  - First Event Time: When the first event occurred.
  - Source IP: IP address of the device where the signal comes from.
  - Destination IP: IP address of the destination device.
  - Observations: The observations made on each signal.
  - Risk Evidence: The kind of risk it poses to a device.
  - Recommendations: The type of remedial actions to take.
Examples of Situation Titles
The following Situation title gives you an idea of CPU idle time as a percentage.
The following Situation title gives you details on the Windows services not running on a host device.
Situation Status
The signal status is determined by the most recent update received from the source monitoring system. The status of a Situation is determined by the severity of each related signal.
Situation status levels are:
| Status | Description |
| --- | --- |
| New | The Situation has arrived recently and is not yet acknowledged by the support team. |
| Open | The Situation was generated some time ago and no action has been taken yet. |
| On hold | Put on hold while awaiting evidence, awaiting the user, etc. |
| Closed | Remediation has been performed and the issue is resolved. |
| Response Due | Added to a Situation when there has been no response on the Situation by a support team and the ticket is past its first response SLA. |
| Scheduled | The schedule is open for work to be performed. |
| Self Heal | The Situation resolved on its own. |
| Waiting for Customer Inputs | Work is in progress but on hold while awaiting customer inputs. |
| Work in Progress | The Situation is acknowledged and work on it has started. |
Priorities and their respective colors are assigned to each situation based on the score calculated from impact, likelihood, and confidence factors.
| Priority | Color | Description |
| --- | --- | --- |
| P4 | Green | The Situation is resolved and there is no impact on the asset. |
| P3 | Yellow | The monitoring system has detected an issue. For example, CPU cache is low. |
| P2 | Light Orange | The Situation has been acknowledged in the source system or the monitored object is under scheduled maintenance. |
| P1 | Orange | The monitoring system has detected a serious problem. For example, a service is unavailable, or a maximum usage threshold has been exceeded. |
| P0 | Red | A potential issue is detected and poses a serious impact on assets if not resolved within the SLA period. |