Terms like ‘alert’ play an important role in understanding IT and OT operations. There is usually an abundance of interpretations and definitions. You will also find different naming conventions with each vendor of tools for monitoring and service management. So, let’s dive in. How is an alert defined?
Some define alerts as events that meet a certain threshold, have a specific relevance (as in ITIL – events of warning/alert type) or require action.
Let’s start with this:
“An alert is a notification that a particular event (or series of events) has occurred, which is sent to responsible parties for the purpose of spawning action” Source: danielmiessner.com
Here we again see some confusion between alerts and notifications. To be precise, an alert is not a notification but the occurrence of a specific event that meets defined criteria, or of a series of events that meets them (the number of similar events can itself be a criterion). In a monitoring tool or SCADA system, an alert is a specific event, or is triggered by an event, and is usually made visible in the console. It can also trigger an action (auto-recovery) or a notification.
This definition is to the point:
“Not a by the book definition, simply my understanding: An event will happen. It happens even if it is not detected and flagged. An alert is when a monitoring system detects it and raises this fact somewhere for further processing (and potentially triggers a notification as well). So an Alert is always in response to an event (in other words there is always an event with an alert) but there is not always an alert with an event.” Source here
How SIGNL4 relates to an alert
SIGNL4 processes events from a variety of sources. Based on rules and logic, it decides whether to turn an event into an alert and, subsequently, into alert notifications. Incoming events may already be qualified as alerts by the originating system, e.g. an IT monitoring tool.
The core task of SIGNL4 is to ensure alerts are sent to the right person at the right time, anywhere. It also manages the lifecycle of an alert. When created, an alert has the status ‘new’. If a user responds, the status can be set to ‘acknowledged’ or, once the problem is solved, to ‘closed’. Based on lifecycle status and elapsed time, SIGNL4 can, for instance, escalate alerts to other teams and people.
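The event, alert and lifecycle distinction described above can be modelled in a few lines. This is an added illustration, not SIGNL4 code or its API: the threshold rule, the 300-second escalation limit, the sample events and all names are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    NEW = "new"
    ACKNOWLEDGED = "acknowledged"
    CLOSED = "closed"

@dataclass
class Alert:
    source: str
    message: str
    created_at: float          # seconds, same clock as the events
    status: Status = Status.NEW
    escalated: bool = False

# Constructed sample events: (timestamp in seconds, source, measured value)
EVENTS = [(0, "plc-7", 71.0), (60, "plc-7", 93.5), (120, "pump-2", 40.0)]
THRESHOLD = 90.0       # assumed rule: a value above this qualifies as an alert
ESCALATE_AFTER = 300   # assumed: seconds an alert may stay 'new'

def evaluate(events, threshold=THRESHOLD):
    """Every event happens; only those meeting the criterion raise an alert."""
    return [Alert(src, f"value {val} exceeds {threshold}", ts)
            for ts, src, val in events if val > threshold]

def acknowledge(alert):
    """A user responds: new -> acknowledged."""
    if alert.status is not Status.NEW:
        raise ValueError(f"cannot acknowledge an alert that is {alert.status.value}")
    alert.status = Status.ACKNOWLEDGED

def close(alert):
    """The problem is solved: new or acknowledged -> closed."""
    if alert.status is Status.CLOSED:
        raise ValueError("alert is already closed")
    alert.status = Status.CLOSED

def escalate_due(alerts, now, limit=ESCALATE_AFTER):
    """Return alerts still 'new' after `limit` seconds; each escalates once."""
    due = []
    for alert in alerts:
        overdue = now - alert.created_at >= limit
        if alert.status is Status.NEW and overdue and not alert.escalated:
            alert.escalated = True
            due.append(alert)
    return due
```

Three events go in but only one alert comes out, and that alert is escalated only if nobody acknowledges or closes it before the limit expires.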