Resolution Intelligence Cloud provides an AI/ML-driven correlation engine that correlates high-quality and repetitive signals to identify macro-level issues in your IT infrastructure, called Situations. These Situations streamline the handoff between teams, centralize critical information, and reduce notification fatigue.
Situations in Resolution Intelligence Cloud are of two types:
- Digital Ops Situations
- Security Situations
Resolution Intelligence Cloud ingests all signals originating from source systems such as OpsRamp and Chronicle, and uses correlation algorithms to correlate similar signals into a Situation. Signals turn into Situations through correlation rules that are defined on certain conditions. For example, a rule can correlate multiple signals into a Situation when the signal source matches OpsRamp and the signal class belongs to Applications.
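The example rule above, modeled as an added illustration (this is not Resolution Intelligence Cloud's own code or API). The rule format, field names, and sample signals are constructed assumptions, as is treating the earliest matching signal as the primary signal.

```python
from datetime import datetime

# Constructed sample signals; the field names are assumptions, not the product's schema.
SIGNALS = [
    {"id": "SIG-3", "source": "OpsRamp", "class": "Applications", "created": "2024-01-10T09:05:00"},
    {"id": "SIG-1", "source": "OpsRamp", "class": "Applications", "created": "2024-01-10T09:00:00"},
    {"id": "SIG-2", "source": "Chronicle", "class": "Network", "created": "2024-01-10T09:01:00"},
    {"id": "SIG-4", "source": "OpsRamp", "class": "Network", "created": "2024-01-10T09:06:00"},
]

# Hypothetical rule format. Every condition must match (logical AND).
RULES = [
    {"name": "opsramp-applications",
     "conditions": {"source": "OpsRamp", "class": "Applications"}},
]


def matches(signal, rule):
    """True when the signal satisfies every condition of the rule."""
    return all(signal.get(key) == value for key, value in rule["conditions"].items())


def correlate(signals, rules):
    """Group signals into one Situation per rule; the first matching rule wins.

    Returns (situations, uncorrelated_signal_ids).
    """
    grouped = {rule["name"]: [] for rule in rules}
    uncorrelated = []
    for signal in signals:
        rule = next((r for r in rules if matches(signal, r)), None)
        if rule is None:
            uncorrelated.append(signal["id"])
        else:
            grouped[rule["name"]].append(signal)

    situations = []
    for name, members in grouped.items():
        if not members:
            continue  # a rule with no matching signals creates no Situation
        members.sort(key=lambda s: datetime.fromisoformat(s["created"]))
        situations.append({
            "rule": name,
            "primary_signal": members[0]["id"],  # assumption: earliest signal
            "first_signal_created": members[0]["created"],
            "signal_ids": [s["id"] for s in members],
        })
    return situations, uncorrelated


if __name__ == "__main__":
    print(correlate(SIGNALS, RULES))
```

Signals that match only one of the two conditions (here SIG-4, which comes from OpsRamp but belongs to a different class) stay uncorrelated, which is the behavior to check when a rule produces fewer Situations than expected.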
The Situations feed updates in real time and stays up to date with each Situation's status. By default, a Situation is assigned one of the following statuses:
- A Situation has arrived recently and has not yet been acknowledged by the support team.
- The respondent has seen the Situation and owns it.
- The Situation has been acknowledged and work on it has started.
- Put on hold while awaiting evidence, awaiting the user, etc.
- The Situation got resolved on its own.
- Remediation has been taken and has resolved the issue.
However, you can change the status of a Situation to any status you want at any time, once you have created the new status or renamed an existing status.
To explore the Situations feed:
- Navigate to Resolutions --> Situations from the dropdown.
A Situations feed appears with all active situations.
- Click the Situation that you would like to explore.
A Situation page appears on the right of your screen.
- Review the basic information about each situation:
Discrete ID of a situation, generated internally.
Name of a situation, generated automatically by correlating similar signals. See Situation Titles & their status to learn how the title and status are generated.
Discrete ID of a Situation, generated by external source systems.
Discrete ID of a signal that is correlated to form a situation. A Situation contains one or more similar signals.
The physical device from which the Situation is created.
First Signal Creation Time: The time at which a primary signal is generated and correlated to form a Situation.
The date and time at which an update is made to a Situation.
Class and Subclass: The class and subclass to which a Situation belongs.
Category and Subcategory: The category and subcategory to which a Situation belongs.
Status (Open-work in progress, Onhold, Response Due, Resolved - selfheal and Closed) of a Situation. You can change the status manually at any time.
Mark as ActOn: Converts a Situation to an ActOn.
In addition to viewing the basic details, you can perform the following actions in the Situations feed:
Enlarge: You can maximize the Situations feed by clicking the button. A screen appears with all active situations, where you can check the box next to each situation and click the Closed button to change the status of a Situation.
Search: Search for a situation by title, summary, external ID, Signal ID, or situation ID in the search field.
Sorting Situations: By default, all situations are listed in order by when they were last received, with the most recently received situation on top. You can change the sort order of the situations in your feed.
- From the Situations feed, click the Sort icon
- Select the desired sort order from the following drop-down list:
Time of the most recently received situation. The latest situation appears at the top of the feed.
Date the first signal on the situation was received (newest on top). The order is preserved even if the status of a situation changes.
Newest on top: The most recently received alerts on a situation appear at the top.
Oldest on top: The signals with the oldest received date on a situation appear at the top.
Comment on a Situation: To interact with the other participants of a situation, enter your message in the Post Message field and click Update Ticket to post your comment. You can make your message Private or Public by enabling or disabling the lock button.
Elements in a Situation
This section describes the elements of Situations relevant to Digital Ops. The elements of Security-related Situations are the same as those of Security ActOns.
Situations consist of the following tabs, and each tab provides critical information about a Situation.
- Score Evidence: The score of a ticket determines how critical the Situation is. This score is generated by auto-ticketing systems and is associated with priority levels from P0 to P4. For example, if you have ten tickets tagged P0, each with its own score, you must pick and resolve the ticket with the highest score.
- Functions: In this tab, you can determine the scope (Domain, Organization, and Tenant) and the service-level impact that a Situation can create. The scope of a Situation is indicated by a specific color, which is shown in the following image.
- Timeline: The timeline lets you visualize the life cycle of a situation, which helps you understand the behavior of a signal. The timeline also shows the history of status changes related to a situation. Each dot on the timeline denotes a status change.
- Relevant Situations: These situations might be generated by a change that occurred in the life cycle of a situation while a problem associated with it was being solved. This section lets you see whether any relevant situations have been generated and what action to take on them to resolve a problem.
- Summary: The summary gives you an overview of a situation's details, such as Signal ID, Resource, Location, Device Class, Event Class, Event Summary, Event Message, the time at which the situation was generated, Device URL, Event URL, and the number of signals that are correlated. This summary is generated by an automated system. You can edit the existing summary using Edit. If no summary is available for an active situation, you can create one by clicking the Add Summary button.
- Signals: These signals are relevant to each other and are correlated by a rules engine to prevent the creation of multiple tickets. Click a Signal ID to view details such as the signal's current status, source, total number of occurrences, signal type, and how many hours it has been open since it was created.
In this tab, you can perform the following actions:
- Delink any signal from a situation using the Delink button.
- Mark any signal as the root cause of a situation using the Root Cause button. You can also deselect the root cause using the Unmark Root Cause button.
- Identify signals by their specific colors. For example, red for the Root Cause signal and blue for the Primary signal.
- Search for any signal by its ID or title in the search field.
- Assets: Assets are the physical devices on which an issue is raised and for which a corresponding signal is generated. In this tab, you can see the name and type of an asset, and the type of operating system that runs on the device.
- Tasks: Tasks let you break bigger problems into smaller chunks, which in turn helps multiple stakeholders collaborate to resolve a problem associated with each situation.
You can create a task using the following steps.
- Click next to the tasks. A window appears on the screen.
- Select User in the Assign To field.
- Select a Category from the drop-down menu.
- Enter Start and Due Date.
- Type the Name of your Task (Mandatory).
- Type the Description.
- Click SUBMIT.
Converting Situations to ActOns
Situations are converted into ActOns either by a correlation policy defined on certain conditions or by manual intervention. Based on the policy definition, a situation can be an ActOn for a Domain, an Organization, or a Tenant.
Order of Precedence
If a Situation is marked as ActOn at:
- Tenant Level
It will be an ActOn for the Tenant, Organization, and Domain levels.
- Organization Level
It will be a situation for the Tenant level, but an ActOn for the Organization and Domain levels.
- Domain Level
It will be a situation for the Tenant and Organization levels, but an ActOn for the Domain level.
To convert a Situation into an ActOn manually:
- Navigate to Resolutions --> Situations.
- Click the Situation that you would like to convert.
A Situation page opens.
- Click Not Marked As ActOn.
A dropdown menu opens.
- Select the Tenant that you want to notify.
- Click Save.
A notification is sent to the selected Tenant.
Note: Once a Situation is converted into an ActOn, it cannot be reversed.
Changing status of a Situation
You can tailor the existing statuses to match the specific needs and workflows of your organization. You can often modify existing ones to align with your business requirements, which supports collaboration and productivity. Before changing the status, configure your desired status using the Configurable Statuses procedure.
To change the existing status to a new one:
- Navigate to Resolutions --> Situations.
The Situations home page opens.
- Click the Situation whose status you want to change.
- Click Status, located below the Situation name.
A dropdown menu opens where you can find the statuses that you have configured.
- Select your desired status and click Apply.
Your desired status is assigned to that Situation.