Correlating Changes With Incidents

Correlate incidents with the system changes that caused them to gain insight on how and why they came about in the first place, ie: their Root Cause. Connect changes to incidents using any one of 3 possible correlation statuses: None (default), Suspect and Match.

Dropdown RCC StatusesDropdown RCC Statuses

Dropdown RCC Statuses

Algorithmic Correlation

BigPanda's OBML (Open Box Machine Learning) algorithms detect connections between changes made to the system and incidents. Once the change integration is active, any new or updated changes will be digested by BigPanda and normalized into standard data format.
As new incidents are created or new alerts join an existing incident, BigPanda's OBML calculates their match potential with each past change.
If a change with high match potential is found, BigPanda marks the change as Suspect and adds a comment to the info popup explaining why the change was marked.

🚧

Note

BigPanda will only mark changes as Suspect (and not Match) to give users the final say on whether or not the change is the root cause of the incident.

Change Info - BigPanda SuggestionChange Info - BigPanda Suggestion

Change Info - BigPanda Suggestion

Manual Correlation

Use BigPanda's OBML or manually correlate changes with incidents using any one of the 3 possible correlation statuses from the dropdown: None (default), Suspect and Match.

  • Changes marked Suspect are the changes suspected of being the Root Cause Change of the incident.
  • Changes marked Match are the changes that have been marked as the Root Cause Change of the incident. Changes can only be marked as a Match manually, meaning that the user has the flexibility to decide whether the change caused the incident.
Change Info - Manually MarkedChange Info - Manually Marked

Change Info - Manually Marked

Adding Comments

Users that have marked changes in the table can add comments to explain the reasoning behind their correlation. Comments can be a great foundation for collaboration, post-outage review, and machine-learning training compilation.

User CommentUser Comment

User Comment

Viewing Root Cause Change Details

Click on the change to see a popup that contains info about the user that performed the change, the most recent interaction and its date/time and the associated user. There is also the option to leave a comment to explain why the change was marked.
The icon appears when BigPanda had originally marked the change as Suspect. Hover over the information icon to get more details.

Change Details PopupChange Details Popup

Change Details Popup

Viewing the Root Cause Change Activity Feed

Indications related to the Root Cause Changes (ie: type and time of correlation, comments, latest interaction, etc.) are listed chronologically in the activity feed.

Activity FeedActivity Feed

Activity Feed


Recommended Reading

To learn more about the Related Changes section and the available change organization integrations, see: