Case Management Features

Correlated events/alerts are clustered as cases in ZIF. Operators analyze each case that is generated and takes appropriate actions as per the operating procedures.

Each correlation that is generated by the algorithm is identified by a unique ID called Case ID. Text “ZIF” is added as a prefix to the id, which helps operators track incidents created by ZIF.

Description of the case that is displayed next to the case id is the probable Root Cause for the identified correlation.

To View Suppression or Correlation use the toggle available in the settings menu on this screen. Toggling between these would enable the operations team to view cases created either from Suppression or Correlation.

To map the severity of alerts that are generated from 3rd party monitoring tools, navigate to Settings menu -> Platform Settings -> Severity Mapping.

After selecting the tool name from the drop-down, the tool severity will be populated and the respective ZIF severity can be mapped by the user.