An ITOps Admin can decide which fields are displayed in the 'More' section of the alert console, so that the Admin user can enable new fields from the source part of the console. In addition, ITOps Admin users can provide the display name and display order for these fields.
The Alert Report Download feature has been enhanced to download the “Alert Report” as well as the “Alert Processing Report”.
The Alert Processing Report can be downloaded by selecting a date range (not exceeding 7 days).
For any ticket created for a cluster with a base alert from Forescout, the following format will be used:
Ticket short description - [Forescout] <Alert Message> Device has been NAC’d - <IP Address>
Long description - <Alert Message full Text> followed by [No of occurrences:XX] [First occurrence:XXXXXXXX] (No of occurrences = cluster size, First occurrence = alert created time of the base alert)
This format will be followed for:
New tickets created by workflow
Tickets created by splitting a cluster
ITOps can create correlation rules using MAC ID.
ITOps Admin users will be able to use Alert Cluster Size and duration, so that once the threshold cluster size is reached within the time window, a ticket will be created automatically. The user will be able to specify the cluster size and duration for each source. The user will be able to add only one configuration per source.
ITOps users will be able to view the source name in the title (short description) to understand the source of the alert easily. Any ticket created from ITOps will have the alert source prefixed in the ticket title (short description in SNOW).
Format of the short description - [Source] [Alert Message]
Tickets in 'Assigned' status will not be auto-closed and must be retained in the same status. The recovery alert information received must be added as a comment only. Tickets in the “Assignment – In Progress” state will be treated the same way as tickets in “Assigned” status. A comment will be available stating that a recovery alert for the cluster has been received.
Email parsing enhancements enable capturing of the complete alert-related text from all channel types. The following fields will be extracted from the alerts received from ForeScout CounterACT and mapped to the Alert Store in Elastic:
Subject of E-mail - Alert Message
Value of "ForeScout CounterACT has detected event:" - Alert Name (if empty, use the same as Alert Message)
Admission Event - Metric
IP Address - IP Address
Host Name - Resource Name
NIC Vendor - Vendor
OS Finger Print - Operating System (New Field)
Switch Location - Site
MAC Address - MAC Address (New Field)
DNS Name - DNS Name
Switch IP and DESC - Connected to
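The field mapping above and the Forescout ticket format described earlier, as an added Python example that is not SmartOps code. It assumes each e-mail body line has the form `Label: value` and that `created` is a timestamp string supplied by the caller; the control-character stripping and the IP/MAC validation are additions of this example, included because e-mail content is untrusted input that ends up in ticket text.

```python
import ipaddress
import re
# E-mail label -> Alert Store field, as listed on the page.
FIELD_MAP = {
    "Admission Event": "Metric", "IP Address": "IP Address",
    "Host Name": "Resource Name", "NIC Vendor": "Vendor",
    "OS Finger Print": "Operating System", "Switch Location": "Site",
    "MAC Address": "MAC Address", "DNS Name": "DNS Name",
    "Switch IP and DESC": "Connected to",
}
EVENT_LABEL = "ForeScout CounterACT has detected event"
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

def clean(text):
    """Drop control characters so e-mail text cannot add lines to a ticket."""
    return "".join(ch for ch in text if ch.isprintable()).strip()

def parse_alert(subject, body, created):
    """Build an alert record; assumes one 'Label: value' pair per body line."""
    alert = {"Alert Message": clean(subject), "Alert Name": "", "created": created}
    for line in body.splitlines():
        label, sep, value = line.partition(":")  # first colon only, MACs keep theirs
        label, value = label.strip(), clean(value)
        if sep and label == EVENT_LABEL:
            alert["Alert Name"] = value
        elif sep and label in FIELD_MAP:
            alert[FIELD_MAP[label]] = value
    if not alert["Alert Name"]:  # page rule: if empty, use the Alert Message
        alert["Alert Name"] = alert["Alert Message"]
    ipaddress.ip_address(alert.get("IP Address", ""))  # ValueError if malformed
    if not MAC_RE.match(alert.get("MAC Address", "")):
        raise ValueError("missing or malformed MAC Address")
    return alert

def ticket_text(cluster):
    """Short and long description for a cluster; cluster[0] is the base alert."""
    base = cluster[0]
    short = f"[Forescout] {base['Alert Message']} Device has been NAC'd - {base['IP Address']}"
    long_desc = (f"{base['Alert Message']} [No of occurrences:{len(cluster)}] "
                 f"[First occurrence:{base['created']}]")
    return short, long_desc

# Constructed sample e-mail (not real CounterACT output); event value left empty.
SAMPLE_SUBJECT = "Unauthorized device on guest VLAN"
SAMPLE_BODY = (
    "ForeScout CounterACT has detected event:\n"
    "Admission Event: New IP\nIP Address: 10.20.30.40\n"
    "Host Name: lab-pc-17\nMAC Address: 00:1A:2B:3C:4D:5E\n"
    "Switch Location: Building A\n"
)
```

Calling `ticket_text([alert] * 3)` on the parsed sample yields a short description ending in `- 10.20.30.40` and a long description carrying `[No of occurrences:3]`.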
An ITOps user will be able to see the resolution comment in the 'Closure Note' field of ServiceNow so that the user can easily understand the resolution reason. Whenever ITOps auto-closes a ticket, the comment posted must be available in the 'Closure Note' field in ServiceNow.
ITOps Alert page is displayed with First Alert Time, Last Alert Time and other details.
ITOps users will be able to see the alert cluster details on a separate page to get a comprehensive idea of the cluster and take corresponding action. Clicking on the Alert Cluster ID opens the alert details page as a separate tab within the alert console.
ITOps users will be able to view tickets that are similar to a given ticket, along with their resolutions, so that open tickets can be resolved easily.
ITOps is enhanced with the capability to add and view the list of related devices. The ITOps UI enables users to:
View the Inventory Listing page: Shows the complete list of inventories/devices configured.
Configure columns in Device Inventory listing: The columns to be displayed for each device can be configured.
Search facility: Device inventory can be searched from the Device Inventory Listing page.
Add device to inventory: A new device can be added as required.
Import Device Inventory: Device inventory can be imported in Excel format from the UI.
Add 'Fail over Device', 'MAC Address', 'Impact Radius', 'Decommissioned' fields to device inventory
An ITOps Admin user will be able to map the incoming alert severity levels to SmartOps Severity Levels.
An ITOps user will be able to view the notifications of actions triggered from the alert console.
ITOps PWF is enhanced to integrate Support PWF. SmartOps 7.0 had enabled Monitoring PWF along with ITOps.
Monitoring and Support are integrated as two independent features. While creating a project for a customer within the Organization, an option will be available to confirm whether Support or Monitoring is required to be created.
If Monitoring is selected, the user will be able to set up the Monitoring component of ITOps built as part of 7.0.
If Support is selected, the user will be able to set up the Support component, which in 7.1 will be similar to the Support Packaged Workflow, with a theme similar to ITOps.
If a customer wants to support the tickets created by the Monitoring component, the user needs to navigate to the Support component based project created to access the same ITSM account in which the Monitoring component created tickets.
ITOps PWF enables searching the console using Alert Message, Source, and Metric. Search will be limited to base alerts.