Alert Enrichment

How it Works, Viewing Enriched Attributes

Overview

Raw alert data contains very limited information, often consisting only of an id, severity, message/description, rule name and asset IP/hostname. This does not provide enough service context (application or service name, environment, machine type, etc.) or supportability context (NOC id, site id, department, support group, etc.), which is essential data for efficient correlation of alerts. OIA performs automated alert data enrichment using a combination of the following approaches:

  • Enrichment with stacks and asset context established through Data Analysis & Stitching module

  • Enrichment with stacks and asset context that is dynamically discovered/resolved for elastic environments
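How the two approaches combine, shown as an added Python example that is not OIA's own code: the stitched asset inventory is consulted first, a dynamic resolver covers elastic hosts the inventory cannot know about, and alerts that neither source can enrich are kept visible rather than silently dropped. The asset inventory, the '<app>-<env>-asg-<n>' naming convention and the raw alerts are all constructed for illustration.

```python
"""Added illustration of two-source alert enrichment (not OIA's own code).
Every inventory, naming convention and alert below is constructed."""

# Service-context and supportability-context keys named on the page.
CONTEXT_KEYS = ("application", "environment", "machine_type",
                "noc_id", "site_id", "department", "support_group")

# Stand-in for context the Data Analysis & Stitching module established for long-lived assets.
STITCHED_ASSET_CONTEXT = {
    "10.0.1.15": dict(application="payments-api", environment="prod", machine_type="vm",
                      noc_id="NOC-EU1", site_id="FRA-02", department="Payments",
                      support_group="payments-oncall"),
}

def resolve_dynamically(asset):
    """Stand-in for dynamic discovery in elastic environments: autoscaled hosts are not
    in the stitched inventory, so context is derived from a constructed '<app>-<env>-asg-<n>' name."""
    parts = asset.split("-")
    if len(parts) == 4 and parts[2] == "asg":
        app, env = parts[0], parts[1]
        return dict(application=app, environment=env, machine_type="autoscaled", noc_id="NOC-EU1",
                    site_id="cloud", department="Web", support_group=f"{app}-oncall")
    return None

def enrich(alert):
    """Copy the raw alert, fill every context key (None when unresolvable) and record the source."""
    asset = alert["asset"]
    if asset in STITCHED_ASSET_CONTEXT:
        ctx, source = STITCHED_ASSET_CONTEXT[asset], "stitching"
    else:
        ctx = resolve_dynamically(asset)
        source = "dynamic" if ctx else "none"
    enriched = dict(alert)
    enriched.update({k: (ctx or {}).get(k) for k in CONTEXT_KEYS})
    enriched["enrichment_source"] = source
    return enriched

def correlate(alerts, key="support_group"):
    """Group alert ids by an enriched attribute; unresolved alerts land in 'unassigned'."""
    groups = {}
    for a in map(enrich, alerts):
        groups.setdefault(a[key] or "unassigned", []).append(a["id"])
    return groups

RAW_ALERTS = [  # constructed raw alerts carrying only the fields the page lists
    {"id": "A1", "severity": "critical", "message": "CPU > 95%", "rule": "cpu_high", "asset": "10.0.1.15"},
    {"id": "A2", "severity": "major", "message": "5xx rate high", "rule": "http_5xx", "asset": "web-prod-asg-0042"},
    {"id": "A3", "severity": "minor", "message": "disk 90% full", "rule": "disk_full", "asset": "legacy-host-77"},
]
```

Grouping by `support_group` or `environment` shows why the enrichment matters: the raw alerts share no field a correlation rule could group on, while the `enrichment_source` of "none" on A3 flags an asset the inventory still needs to learn about.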

Viewing Alert Enrichment Data

Alert enrichment provides additional context to alerts for effective correlation. The user can view the enriched attributes by selecting 'View Enriched Attributes' on the alert's context menu, as shown.