Things to Consider for Incident Generation
Introduction
Incident Generation is the final milestone for the implementation of Discovery Admin.
Note that we can iteratively add IECs for Incident Generation instead of enabling Incidents for all IECs at once.
While most Customers generate Incidents with Discovery Admin, we have seen a few Customers only generate incidents for their internal teams and engage external support teams leveraging Dashboards and Reports.
A smaller subset of Customers prefer not to generate Incidents and only use Dashboards and Reports as their final milestone.
By default, generating Incidents via Discovery Admin is disabled to prevent accidental Incident Generation.
Guidelines
The following guidelines highlight Things to Consider as you make your decision to Generate Incidents with Discovery Admin:
For starters, just because you can generate incidents with Discovery Admin doesn't mean that you should. Several Customers do not generate incidents and engage internal support teams leveraging Dashboards and Reports built on the results of Discovery Admin.
If you are ready for Incident Generation, Prioritize IECs to scope a subset of IECs for Incident Generation.
Customers often prioritize a larger set of IECs for Dashboards and Reports with only a subset of those IECs scoped for Incident Generation.
It's important to get approval from the Support Groups configured to receive the Incidents so they know what to expect.
The feedback loop with the Support Groups is very important. Inputs received from the Support Groups can be used to further tweak how Incidents are generated via the Discovery Admin Incident Generation properties.
Incident Resolution can be done using one of the following two approaches:
Close the Incident ONLY when ALL the IP Addresses included in the Incident Description are remediated: This approach works great when we limit the number of IP Addresses included in the Incident and we are close to addressing all the Issues associated with an IEC.
Close the Incident when SOME of the IP Addresses included in the Incident Description are remediated: This approach aligns more with the 80-20 rule, allowing teams to fix a majority of the issues with less effort, leaving the heavy lifting to Discovery Admin to identify what is still not being discovered and include it appropriately in the next Incident Generation cycle.