Situations

  • Updated
In this article:

    Resolution Intelligence Cloud provides a potential AI/ML driven correlation engine that correlates high quality and repetitive signals using AI/ML to identify macro level issues in your IT infrastructure, called Situations. These Situations streamline the handoff between teams, centralizes critical information, and reduces multiple notification fatigue.

    Resolution Intelligence Cloud does not allow you to push situations into ITSM (Jira and ServiceNow) and Security (Chronicle SOAR) integrations directly. 

    Viewing Situations 

    Resolution Intelligence Cloud digests all signals originated from source systems like OpsRamp, and Chronicle and uses Correlation algorithms to correlate similar signals into a situation. Signals turn into situations by defining the correlation rules based on the certain conditions. For example, Convert signals into a situation when a signal source matches with OpsRamp and signal class belongs to Applications. Situations feed updates in real-time and up-to date with statuses. You can change the status of a situation anytime (Open-work in progress, Onhold, Response Due, Resolved-selfheal and Closed) and add to a watchlist to monitor quickly.

    To explore a situations feed,

    1. Navigate to Resolutions --> Situations from the dropdown
      A situation feed appears with all active situations
    2. Click a situation that you would like to explore
      A situation page appears on the right of your screen
    3. Review the basic information about each situation
    Field Description
    Situation ID Discrete ID of a situation generated internally
    Title Name of a situation generated automatically by correlating similar signals. See Situation Titles & their status to know how the title and status are generated.
    External ID Discrete ID of a situation generated from external source systems
    Signal ID Discrete ID of a signal which is correlated to form a situation. A situation contains one or more similar signals.
    Assets  A physical device from which the situation is created
    First Signal Creation Time A time at which a primary signal is generated and correlated to form a situation
    Last Updated The date and time at which an update is done in a situation
    Class and Subclass Type of a class and a subclass to which a situation belongs to
    Category and Subcategory Type of a category and a subcategory to which a situation belongs to
    Status Status (Open-work in progress, Onhold, Response Due, Resolved-selfheal and Closed) of a situation. You can change the status anytime manually
    Mark as ActOn You can convert a situation into an ActOn using this option

    In addition to know the basic details, you can perform some actions in the Situations feed which are described as follows.

    Enlarge: You can maximize the situations feed by clicking on button. A screen appears with all active  situations where you can check a box next to each situation and click Closed button to change the status of a situation.

    Search: Search a situation using a title, summary, external ID, Signal ID, and situation ID in the search field to get your desired situation.

    Sorting Situations: By default, all situations are listed in order by when they were last received, with the most recently received situation on top. You can change the sort order of the situations in your feed.

    1. From the Situations feed, click the Sort icon 
    2. Select the desired sort order from the following dropdown list
    Item Description
    Last Received Time of recently received situation. The latest situation will appear on the top of the feed.
    Created Date Date the first signal on the situation was received (newest on top). The order is preserved even if the status of a situation changes.
    Newest on top Most recently received alerts on a situation appear on the top.
    Oldest on top Signal that received on situation based on the oldest date appear on the top.

    Comment on a Situation: To Interact with the other participants of a situation, enter your message in the Post Message field and click Update Ticket to post your comments. You can make your message Private or Public by enabling or disabling the lock button.

    Elements in a Situation

    Situations consist of the following tabs and each tab provides you critical information of a situation.

    • Score Evidence: The score of a ticket determines how critical a situation is. This score is generated from auto ticketing systems and it is associated with priority levels from P0 to P4. Suppose you have ten tickets that are tagged with P0 with respective scores, then you must pick and resolve the ticket which consists of the highest score.
    • Services: You can determine the scope (Domain, Organization, and Tenant) and service level impact that a situation can create in this tab. The scope of a situation is indicated by specific color which is shown in the following image.

    • Timeline: The timeline allows you to visualize the life cycle of a situation, which helps you to understand the behavior of a signal. The timeline also shows the history of status changes that is related to a situation. Each dot on the timeline denotes the status change.
    • Relevant Situations: These situations might be generated due to a change occurred in the life cycle of a situation while solving a problem associated with the situation. This section lets you see if any relevant situations are generated and what action to be taken against such situations to resolve a problem.
    • Summary: Summary gives you an overview of a situation details such as Signal ID, Resource, Location, Device Class, Event Class, Event Summary, Event Message, Time at which a situation is generated, Device URL, Event URL, and number of signals that are correlated. This summary is automated using an automated system. You can edit the existing summary using Edit. If no summary is available for an active situation, you can create a summary by clicking on Add Summary button.
    • Signals: These signals are relevant to each other and correlated by a rules engine to prevent the creation of multiple tickets. Click on a Signal ID to view the details such as the signal's current status, source, the total number of occurrences, signal type, and opened for how many hours since the signal is created. 
      In this tab, perform the following actions.
        • Delink any signal from a situation using a Delink button
        • Make any signal as a root cause for generating a situation using Root Cause button Also, you can deselect the root cause using a Unmark Root Cause button
        • Identify any signal using a specific colors. For example, Red for Root Cause signal, and blue for Primary signal
        • Search any signal using its respective ID or a title in the search field

    • Assets: Assets are the physical devices from where an issue is raised, and a signal is generated respectively to that issue. In this tab, you can see the name, type of an asset, and the type of operating system that runs on a device.
    • Tasks: Tasks allow you to break the bigger problems into smaller chunks which in turn help you to collaborate among multiple stakeholders to resolve a problem associated with each situation.

    Picture2.png

    You can create a task using the following steps.

    1. Click Picture3.png next to the tasks. A window appears on the screen.
    2. Select User in the Assign To field.
    3. Select a Category from the drop-down menu.
    4. Enter Start and Due Date.
    5. Type the Name of your Task (Mandatory).
    6. Type the Description.
    7. Click SUBMIT. 

    Converting Situations to ActOns

    Situations are converted into ActOns either by defining correlation policy on certain conditions or manual intervention. Based on the policy definition, a situation can be ActOn to either Domain, or an Organization or a Tenant.

    Order of Precedence

    If a situation is marked as ActOn at,

    • Tenant Level
      It will be an ActOn for Tenant, Organization, and Domain levels
    • Organization Level
      It will be a situation for Tenant level but, ActOn for Organization and Domain levels
    • Domain Level
      It will be a situation for Tenant and Organization but, ActOn for Domain level 

    To convert a Situation into an ActOn manually,

    1. Navigate to Resolutions --> Situations
    2. Click on any Situation that you would like to convert
      A Situation page appears
    3. Click on Not Marked As ActOn
      A dropdown menu appears
    4. Select a Tenant for which you want to notify
    5. Click Save 
      A notification triggers to the selected Tenant 

    Note: Once a situation is converted into an ActOn, it can not be reversed.

    Quick Links

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.