Advanced Promotion Engine (APE) helps users reduce false positive anomaly alerts by configuring a set of simple rules and promoting to IT alerts only alerts that meet this specific set of rules.
Using Alert Grouping, these promoted alerts are grouped to a single alert, significantly reducing the original number of anomaly alerts.
Advanced Promotion Engine refers to anomaly alerts as triggering events. Additional guardrails and definitions have been added to find several anomaly alerts and the relationship between them on the same CI, for alert promotions to the "All Alerts" table. These promotions reduce alert noise and increase the operation team's confidence.
Provide the user with a set of rules to determine if an anomaly alert should be promoted to an IT alert:
- CI type + condition
- Severity
- Time window
- Number of alerts in time window
Changed:
Admin role- Removing access rights for several system properties can now be done only by the security_admin role.
N/A
Other Requirements:
N/A