Events and Incidents Comparison Summary
Incidents and events have separate but related roles in managing your network.
The key differences between incidents and events are important in understanding how to best manage the information coming into Entuity:
Incident and Event Life Cycles
Event: An event indicates a particular state of an object at the time the event was raised. An event describes a concern or anomaly at a specific moment in time (the time the event was raised), along with the type of concern or anomaly, the identity of the component, the severity and further details. It does not tell you whether the concern or anomaly is still present.
Incident: An incident indicates an ongoing condition on your network with its associated events providing the state updates. Incidents contain the same information as an event but also indicate the current state of the concern. Incidents are opened, closed and reopened by events. When you view the details of an incident, you can see the sequence of events that caused it to be opened, closed and reopened.
Incidents are usually removed from the system 7 days after they have expired; events are retained by default for 14 days.
Event and Incident Severity Levels
Events have an associated severity level, which is configurable through the Events administration page and also through actions. Incidents inherit the highest severity level of the currently raised event. For example, if an incident is raised by an event with a severity level of Major, it has a severity level of Major; if it is then updated by an event with a severity level of Critical, the incident also inherits the Critical severity level.
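The life cycle and severity rules described above, modelled in Python. This is an added illustration, not Entuity code or its API; the severity ranking, the raising/clearing flag, the event names and the one-incident-per-component keying are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed ranking; the page itself names only Major and Critical.
RANK = {"Minor": 1, "Major": 2, "Critical": 3}

@dataclass(frozen=True)
class Event:
    time: int        # constructed timestamp
    component: str   # object the event was raised against
    name: str        # event type
    severity: str
    raises: bool     # assumption: True raises a condition, False clears it

@dataclass
class Incident:
    component: str
    state: str = "open"
    severity: str = ""
    raised: dict = field(default_factory=dict)   # event name -> severity
    history: list = field(default_factory=list)  # every event that touched it

def correlate(events):
    """Fold point-in-time events into incidents, one per component."""
    incidents = {}
    for ev in sorted(events, key=lambda e: e.time):
        inc = incidents.get(ev.component)
        if inc is None:
            if not ev.raises:
                continue  # a clear with no incident has nothing to close
            inc = incidents[ev.component] = Incident(ev.component)
        inc.history.append(ev)
        if ev.raises:
            inc.raised[ev.name] = ev.severity   # opens or reopens
        else:
            inc.raised.clear()                  # assumption: clears all
        inc.state = "open" if inc.raised else "closed"
        if inc.raised:  # highest severity among currently raised events
            inc.severity = max(inc.raised.values(), key=RANK.get)
    return incidents

# Constructed sample stream for one port.
SAMPLE = [
    Event(1, "rtr1:ge0", "Utilization High", "Major", True),
    Event(2, "rtr1:ge0", "Utilization Very High", "Critical", True),
    Event(3, "rtr1:ge0", "Utilization Cleared", "Minor", False),
    Event(4, "rtr1:ge0", "Utilization High", "Major", True),
]
```

Each `Event` only records what was true at its own timestamp; the `Incident` is the only place where the current state and the open, close and reopen sequence can be read.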
Event and Incident Assignment
You can assign incidents to users; you cannot assign events.
Event and Incident Annotation
You can acknowledge incidents; you cannot acknowledge events.
Pre and Post Storage Processing
In the setup of the Event Management System you can configure processing of incoming events before they are stored in the database, and also after their storage. Processing of incidents occurs after these two event stages. This means that incidents are raised only after the intelligence that is built into the Event Management System has been applied, which is why the Incidents dashboard is the best way to see what is happening on your network.