Raw alert data contains very limited information, often consisting of an id, severity, message/description, rule name and asset IP/host name. This information does not provide enough service context (application or service name, environment, machine type, etc.) or supportability context (NOC id, site-id, department, support-group, etc.), both of which are essential for efficient correlation of alerts. OIA performs automated alert data enrichment using a combination of the following approaches:
Enrichment with stacks and asset context established through the Data Analysis & Stitching module
Enrichment with stacks and asset context that is dynamically discovered/resolved for elastic environments
Alert enrichment provides additional context to alerts for effective correlation. The user can view the enriched attributes by selecting 'View Enriched Attributes' from the context menu of the alert, as shown.
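The two enrichment approaches above, sketched as an added example (this is not OIA's own code): a raw alert is first matched against pre-established asset context, then against a dynamic resolver for elastic assets, and the enriched attributes drive correlation. The field names, both lookup tables and the `resolve_dynamic` helper are assumptions constructed for illustration.

```python
# Added illustration, not OIA code. All hosts, IPs and field values are constructed.
from collections import defaultdict

# Approach 1: context established ahead of time (stand-in for stitched asset data).
STITCHED_CONTEXT = {
    "10.0.1.15": {"application": "billing", "environment": "prod",
                  "machine_type": "vm", "site_id": "DC1", "support_group": "payments-ops"},
    "10.0.1.16": {"application": "billing", "environment": "prod",
                  "machine_type": "vm", "site_id": "DC1", "support_group": "payments-ops"},
}

# Approach 2: context resolved at alert time for elastic assets. A real resolver
# would query an orchestrator or cloud API; this constructed table stands in for it.
ELASTIC_TAGS = {
    "10.8.44.7": {"application": "checkout", "environment": "prod",
                  "machine_type": "container", "site_id": "cloud-east", "support_group": "web-ops"},
}

def resolve_dynamic(asset):
    return ELASTIC_TAGS.get(asset)

def enrich(alert):
    """Return a copy of the alert with context attached and its source recorded."""
    asset = alert["asset"]
    context, source = STITCHED_CONTEXT.get(asset), "stitched"
    if context is None:
        context, source = resolve_dynamic(asset), "dynamic"
    enriched = dict(alert)
    if context is None:
        enriched["enrichment"] = "none"  # keep the alert, but flag the missing context
        return enriched
    enriched.update(context)
    enriched["enrichment"] = source
    return enriched

def correlate(alerts):
    """Group alert ids by (application, environment); unenriched alerts stay alone."""
    groups = defaultdict(list)
    for a in map(enrich, alerts):
        key = (a["application"], a["environment"]) if a["enrichment"] != "none" else ("unknown", a["asset"])
        groups[key].append(a["id"])
    return dict(groups)

RAW_ALERTS = [  # constructed sample alerts carrying only the raw fields
    {"id": "A1", "severity": "critical", "message": "disk full", "rule": "disk_usage", "asset": "10.0.1.15"},
    {"id": "A2", "severity": "major", "message": "db latency", "rule": "sql_slow", "asset": "10.0.1.16"},
    {"id": "A3", "severity": "major", "message": "5xx spike", "rule": "http_errors", "asset": "10.8.44.7"},
    {"id": "A4", "severity": "minor", "message": "ping loss", "rule": "icmp", "asset": "192.0.2.50"},
]
```

Calling `correlate(RAW_ALERTS)` groups A1 and A2 under the same application and environment even though their rules and hosts differ, while A4, which has no context from either approach, is kept separate rather than merged.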