About analytics-created policies

Policies take action against incoming events.

You can select between three different tabs on the Policies GUI. The Created by analytics tab lists all of the policies that are created and deployed by the various Netcool® Operations Insight® analytics algorithms.

The Suggested policies tab displays policies that are suggested by analytics. Administrators can activate suggested policies to act on incoming events and reject unwanted policies.

Policies that have been archived by administrators or senior operators are shown in the Archived tab. Archived policies don't act on incoming events.

Figure 1. Policies GUI
Policies GUI

Toolbar

The toolbar options are listed in the following table.
Table 1. Policy table toolbar
Item Description
Filter Filter icon Filters the table based on the type and status of the policies. You can filter based on the following:
Created by
Filters by policy type. Options are:
  • Alert
  • Temporal grouping
  • Scope
  • Seasonality
  • Self-monitoring
  • Temporal patterns
  • Topological correlation
  • Topological enrichment
Status
Status of the policy. Options are:
  • Enabled
  • Disabled
Refresh Refresh icon The Policies table does not automatically refresh. Click here to refresh the table with the latest policy information.

Policy table

Depending on which tab you selected this table shows policies created by the various analytics policies, in Review first mode it shows temporal policies suggested by the analytics and requiring review, and it also displays archived policies.
Table 2. Policies table columns
Column name Description
Policy name A global unique identifier string to identify the policy. To customize a policy name, click the menu overflow icon Overflow menu icon and select Rename.
Created by Identifies which of the following Netcool Operations Insight analytics algorithm created the policy:
Temporal Groupings
Policies created by the related events algorithm groups events that are historically related. The related events function deploys chosen correlation rules, which are derived from related events configurations.
Seasonality
Seasonality policies identify individual alerts that tend to occur at a certain time.
Scope
Groups events together based on an operator defined scope.
Topological correlation
Groups events that occur on resources within a pre-defined section of your topology.
Topological enrichment
Enriches those alerts that occur on resources that are located somewhere within the topology.
Temporal patterns
Temporal correlation identifies groups of events that tend to occur together within your monitored environment.
Self-Monitoring
A self-monitoring policy can be enabled to provide assurance that Cloud Native Analytics is processing events. This policy is disabled by default.
Last updated by Displays the last user or algorithm to update the policy and a timestamp of the modification.
Ranking Analytics policies are automatically ordered in the table based on a predefined ranking that is calculated by using the metrics of the policies. Policy metrics include criteria such as the maximum severity of the event or group and how recently the event or group occurred. The size of the group and the number of times a group or event occurs are also metrics that are used to rank policies. Hover over the ranking indicator to display the ranking metrics that are applied to that policy.
Max severity The maximum severity of events within the policy when it was found. By default, there are six severity levels, each indicated by a different colored icon in the event list. The highest severity level is Critical and the lowest severity level is Clear, as shown in the following list:
  • Critical severity icon Critical
  • Major severity icon Major
  • Minor severity icon Minor
  • Warning severity icon Warning
  • Indeterminate severity icon Indeterminate
  • Clear severity icon Clear
Event count Shows the number of events that the policy captures.
Occurrences In the Created by analytics and Archived tabs, this column indicates the number of occurrences that are observed in the historical data when the policy was activated. In the Suggested tab, it is the number of occurrences of the policy in the historical data.
Actions Indicates the action that a policy is taking against incoming events. For example, Correlate action item groups a set of events together and Enrich action item updates the fields in a specific event.
Comment Text to describe the reasons for activating or archiving a policy. The comment is saved together with the activated or archived policy, providing you with an audit trail. Comments can be made against related events and temporal patterns policies.
Automatic updates Indicates whether automatic updates for the policy are currently enabled or disabled. Policies that have automatic updates enabled are continually re-evaluated and updated by Netcool Operations Insight analytics. You can disable automatic updates on Temporal Grouping and Temporal Pattern policies. Once disabled, automatic updates cannot be reenabled.
Status Indicates whether a policy is Enabled Toggle on button or Disabled Toggle off button. With the exception of seasonality policies, you can click the toggle button to change a policy status. Disabled policies do not take any action against incoming events.