Task: Execute Response On Warning
The purpose of this task is to trigger an appropriate response to a "warning" type of event. This could either be an auto response that is already configured in the tool, or an alert that requires human attention.
Main Description

If the correlation activity recognizes an event as a “warning”, it triggers one of the two responses described below.

Auto response – In this case, the trigger will initiate an appropriate response that is already defined and automated within the system. Once executed, the response will be evaluated to verify whether it completed successfully. If not, another response may need to be triggered.

Examples of auto responses include:

  • Rebooting a device
  • Restarting a service
  • Submitting a job into batch
  • Changing a parameter on a device
  • Locking a device or application to protect it against unauthorized access.

Alert – If an existing response is not found for an event, human intervention is required to resolve it. In this case, the trigger will initiate an alert. The alert will contain all the information necessary to determine the appropriate action, including references to any documentation required (e.g. user manuals). The Event Analyst will interpret the alert and perform the specific actions on the device to resolve the event.
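
The decision flow described above, as an added Python example that is not part of the original page: each configured auto response is executed and then verified, the next one is triggered if verification fails, and an alert carrying the event, the responses already attempted and a documentation reference is raised when no response exists. All names, the sample data and the choice to raise an alert once every configured response has failed are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Response:
    name: str
    execute: Callable[[dict], None]   # performs the automated action
    verify: Callable[[dict], bool]    # evaluates whether it completed successfully

@dataclass
class Alert:
    event: dict
    attempted: list                   # auto responses already tried, for the analyst
    documentation: Optional[str]      # reference to the documentation needed to act

# Constructed sample data: documentation references per warning type (hypothetical).
DOCS = {"service_down": "user-manual/services.html",
        "disk_nearly_full": "user-manual/storage.html"}

def handle_warning(event, playbook, docs=DOCS):
    """Return ("auto", response_name) on verified success, else ("alert", Alert)."""
    attempted = []
    for response in playbook.get(event["type"], []):
        attempted.append(response.name)
        try:
            response.execute(event)
        except Exception:
            continue                  # execution failed: trigger the next response
        if response.verify(event):
            return "auto", response.name
    # No response defined, or (assumption) none passed verification: alert a human.
    return "alert", Alert(event, attempted, docs.get(event["type"]))

def build_playbook(state):
    """Constructed playbook over a simulated device state dict."""
    def restart(ev):
        state["restarts"] += 1        # simulated restart that does not fix the service
    def reboot(ev):
        state["service_up"] = True    # simulated reboot that brings the service back
    def healthy(ev):
        return state["service_up"]
    return {"service_down": [Response("restart_service", restart, healthy),
                             Response("reboot_device", reboot, healthy)]}

if __name__ == "__main__":
    state = {"service_up": False, "restarts": 0}
    playbook = build_playbook(state)
    print(handle_warning({"type": "service_down", "device": "host-a"}, playbook))
    print(handle_warning({"type": "disk_nearly_full", "device": "host-a"}, playbook))
```

Recording the attempted responses in the alert lets the Event Analyst see what automation already tried before acting on the device.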