Governance

Alert governance refers to the establishment and enforcement of policies and practices aimed at managing and optimizing the alert lifecycle. This includes deduplication, correlation, enrichment, and other strategies to ensure that the right alerts are presented to IT operators at the right time, reducing noise and improving incident response efficiency.

Functionality of Alert Governance:

  • Deduplication and Correlation: Alert Governance employs sophisticated mechanisms for deduplicating and correlating events. This strategic approach minimizes redundancy.

  • Enhanced Comprehension: Through deduplication and correlation, Alert Governance enhances comprehension by eliminating superfluous alerts.

  • Efficient Response Mechanisms: The primary objective of Alert Governance is to optimize response mechanisms. By streamlining the alert process, it reduces delays in identification and resolution, fostering operational efficiency.

Navigating the Governance Dashboard:

You can explore details of policies and user activities, and leverage visualizations for quick insights. This tabular representation allows you to quickly assess the details of the various governance policies in one centralized view. It provides essential information such as each policy's purpose, type, last editor, edit date, and current state, enabling efficient monitoring, management, and adjustment of governance policies as needed.

  • Policy Name: The unique name or identifier of the governance policy.

  • Priority: The priority column in the governance tab indicates the relative importance or urgency of each policy. In this system, a higher number indicates a lower priority, while a lower number signifies a higher priority.

  • Description: A brief description explaining the purpose or focus of the policy.

  • Policy Type: The type or category of the policy (e.g., Deduplication, Correlation, Enrichment).

  • Edited By: The user or team who last edited or modified the policy.

  • Edit Date: The date and timestamp when the policy was last edited or updated.

  • State: Indicates the current status of the policy (e.g., enable, disable).

GOVERNANCE.png

What is YAML?

YAML serves as a flexible and human-readable data serialization format that plays a pivotal role in configuring and defining policies. It empowers users to express complex configurations and settings clearly and concisely, facilitating the seamless integration of governance rules within AIOps environments.

Creating a New Policy

To create a new policy, follow these steps:

  1. Click New Policy.

  2. Upload YAML File: Select the YAML file intended for the policy and upload it using the provided upload function.

Configuring Alert Correlation Policy Using YAML

Section 1: Creating YAML-format Configuration

  1. Duplicate the "alert-policy.yaml" File: Make a copy of the existing "alert-policy.yaml" file.

  2. Edit the Configuration: Modify the duplicated file to configure the integration as required for your setup.

  3. Upload the Configured File: Use the provided upload feature to submit the edited YAML file containing the policy logic.

create_yaml.png

Section 2: Adding General Information

Enter the following details:

Policy Name and Description: Provide a name and a description of the policy. For client-specific policies, include the relevant tenant organisation names. A Tenant ID is not mandatory.

add_general.png

Section 3: Selecting Resources

Select Resources: Identify the resources whose alerts should match the policy. Filter resources by name, type, or group.

select_resource.png

Section 4: Adding Alert Conditions

Alert Conditions: Filter the types of alerts occurring on the selected resources. If no conditions are specified, all alerts on the chosen resources match this policy.

add_alert_condition.png

Section 5: Adding Actions

  1. Suppress: Mute notifications related to the alerts.

  2. Escalate to Incident: Convert an alert into an incident and assign it to a user.

  3. Run Process: Attach a process definition to an alert and execute the process.

  4. Send Notification: Alert users for acknowledgement purposes.

  5. Fix: Execute actions to resolve the alert.

add_actions.png

Note

If you add multiple actions to the same policy, they are executed in sequence.

Examples:

Type: Correlation

corelate.png

Type: Suppression

supression.png

Type: Enrichment

Enrichment.png
Table 5. For Policies

| Field | Mandatory | Details |
|---|---|---|
| Name | Yes | Name of the alert policy. |
| Description | No | Specifics regarding the policy, its execution timeline, and the actions it entails. |
| Criteria | No | Key rules at the top, checked for every new alert. If they match, the policy's "actions" are carried out. |

Table 6. Type: Correlation

| Field | Possible Values | Details |
|---|---|---|
| Type | correlate | Mandatory field; represents the type of the policy. |
| Description | (User can define their own values) | Short description of the correlate policy. |
| criteria | User-configured criteria such as Alert Severity, Event Type, Custom Tags, location and so on. | When this condition is satisfied, new alerts are compared with previously received ones using the specified query criteria. |
| elementType | appObject / container / deployment / node / persistentvolumeclaim / pod / service | Element for which this policy is applicable. |
| link type | parent / child | If the link type is 'parent', the policy retrieves previously received alerts and connects the incoming alert to them as a parent. If the link type is 'child', the policy fetches prior alerts and creates a child relationship with each one. |
| query | (User can define their own values) | Solr query to fetch the ingested alerts. |
| size | Default: 1 | Number of alerts fetched by the Solr query that the incoming alert is correlated with. |

Table 7. Type: Suppression

For a suppression policy, the default (and mandatory) action is to drop the incoming alerts if the criteria match; this reduces noise by suppressing unwanted alerts.

| Field | Possible Values | Details |
|---|---|---|
| Type | Drop | Mandatory field; represents the type of the policy. |
| Description | (User can define their own values) | Short description of the suppression policy. |
| Criteria | User-configured criteria | If the criteria are met, incoming alerts are dropped. |

Table 8. Type: Enrichment

| Field | Possible Values | Details |
|---|---|---|
| Type | Enrich | Mandatory field; represents the type of the policy. |
| Description | (User can define their own values) | Short description of the enrichment policy. |
| Criteria | User-configured criteria | If the criteria are met, fields of the incoming alert are enriched according to the assignments configured in this policy. |
| Set | (User can define their own values) | This keyword is followed by the names and values of the alert fields that should be enriched when the policy criteria match. |
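To show how the three policy types in Tables 6 to 8 and the sequential execution of actions described in the Note above combine on a stream of alerts, here is a small evaluator added as an example (not the product's own code). The exact alert-policy.yaml schema is not shown on this page, so the field layout, the policy and alert values, and the field-equality match standing in for the Solr query are all assumptions.

```python
# Added example (not the product's own code). The exact schema of alert-policy.yaml is
# not shown on the page, so this layout is an assumption built from Tables 5-8 and
# holds what PyYAML's safe_load would return; a field-equality match stands in for Solr.
POLICIES = [
    {"name": "drop-info-noise", "priority": 1, "type": "Drop",
     "criteria": {"severity": "info"}},
    {"name": "tag-prod-pods", "priority": 2, "type": "Enrich",
     "criteria": {"elementType": "pod", "namespace": "prod"}, "set": {"team": "platform"}},
    {"name": "link-pod-restarts", "priority": 3, "type": "correlate", "elementType": "pod",
     "criteria": {"eventType": "PodRestart"}, "linkType": "child", "size": 2,
     "query": {"eventType": "PodRestart"}},
]

# Constructed alert stream, in arrival order.
SAMPLE_ALERTS = [
    {"id": i, "severity": s, "elementType": "pod", "namespace": "prod", "eventType": e}
    for i, s, e in [("a1", "info", "Log"), ("a2", "warning", "PodRestart"),
                    ("a3", "warning", "PodRestart"), ("a4", "critical", "PodRestart")]
]

def matches(criteria, alert):
    """Every key in the criteria must equal the same field on the alert."""
    return all(alert.get(k) == v for k, v in criteria.items())

def apply_policies(alert, history, policies=POLICIES):
    """Lowest priority number runs first; actions apply in sequence; None = dropped."""
    alert = dict(alert)
    for pol in sorted(policies, key=lambda p: p["priority"]):
        if not matches(pol.get("criteria", {}), alert):
            continue
        ptype = pol["type"].lower()
        if ptype == "drop":                          # Table 7: suppression
            return None
        if ptype == "enrich":                        # Table 8: assign fields
            alert.update(pol["set"])
        elif ptype == "correlate" and alert.get("elementType") == pol["elementType"]:
            prior = [a for a in history if matches(pol["query"], a)]   # Solr stand-in
            alert["links"] = [{"id": a["id"], "relation": pol["linkType"]}
                              for a in prior[-max(1, pol.get("size", 1)):]]  # default 1
    return alert

def ingest(stream, policies=POLICIES):
    """Process alerts in arrival order; accepted alerts feed later correlation."""
    history, out = [], {}
    for raw in stream:
        out[raw["id"]] = processed = apply_policies(raw, history, policies)
        if processed is not None:
            history.append(processed)
    return out
```

Running `ingest(SAMPLE_ALERTS)` drops a1, enriches a2 with no prior alerts to link, links a3 to a2, and links a4 to the two most recent restarts (a2 and a3) because size is 2.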



Upload Configured YAML-file

Upload the edited YAML file containing the configured policy through the provided upload functionality.

Viewing Policy List

  1. Access the Governance Dashboard: Navigate to the Governance Dashboard interface.

  2. View Policies: From the dashboard, access the list of created policies.

  3. Policy Details

    1. Click on a Policy: Review the policy details, including its enabled or disabled status.

    2. View Syntax: Explore the policy syntax to understand its structure and rules.

    3. Upload Another YAML File: Replace or upload a different YAML file associated with the policy.

Modifying Policies

  • Upload/Replace YAML File: Click "Upload Another File". Use this option to upload a new YAML file or replace the existing one linked to the policy.

  • Deleting a Policy: Choose this option to permanently remove the policy from the system.