Event Management process flow

Event Management processes events, generates alerts, and manages alert and incident resolution.

Event Management either pulls events from supported external event sources using a MID Server or pushes events from external event sources using JavaScript code.

Inbound events are collected in the Event [em_event] table and then processed in batches. For events that meet the defined criteria in alert rules, alerts are created or updated in the Alert [em_alert] table. If an alert does not exist for the event, a new alert is created. If the alert exists, the existing alert is updated appropriately.
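
The create-or-update step described above can be modeled in a few lines. This is an added example, not ServiceNow code: the batch size, the rule predicate, the fields used to decide whether an alert already exists, and the severity scale are all assumptions made for illustration.

```javascript
// Simplified model of the create-or-update flow; not ServiceNow code.
// Assumed for illustration: BATCH_SIZE, the rule predicate, the key fields,
// and the severity scale (lower number = more severe).
const BATCH_SIZE = 2;
const alertRules = [(ev) => ev.severity <= 3];
const keyOf = (ev) => [ev.source, ev.node, ev.type, ev.resource].join("|");

function processEvents(emEvent, emAlert = new Map()) {
  const stats = { batches: 0, created: 0, updated: 0, ignored: 0 };
  for (let i = 0; i < emEvent.length; i += BATCH_SIZE) {
    stats.batches += 1;
    for (const ev of emEvent.slice(i, i + BATCH_SIZE)) {
      // Events that match no alert rule never reach the alert table.
      if (!alertRules.some((rule) => rule(ev))) { stats.ignored += 1; continue; }
      const key = keyOf(ev);
      const alert = emAlert.get(key);
      if (!alert) {
        // No alert exists for this event: create one.
        emAlert.set(key, { key, severity: ev.severity, eventCount: 1,
                           firstSeen: ev.time, lastSeen: ev.time });
        stats.created += 1;
      } else {
        // Alert exists: update it in place instead of opening a duplicate.
        alert.severity = ev.severity;
        alert.eventCount += 1;
        alert.lastSeen = ev.time;
        stats.updated += 1;
      }
    }
  }
  return { emAlert, stats };
}

// Constructed sample events (not real data).
const sampleEvents = [
  { source: "monitor-a", node: "web01", type: "cpu", resource: "cpu0", severity: 3, time: 1 },
  { source: "monitor-a", node: "web01", type: "cpu", resource: "cpu0", severity: 2, time: 2 },
  { source: "monitor-a", node: "db01", type: "disk", resource: "/var", severity: 1, time: 3 },
  { source: "monitor-a", node: "web01", type: "heartbeat", resource: "agent", severity: 5, time: 4 },
  { source: "monitor-a", node: "web01", type: "cpu", resource: "cpu0", severity: 1, time: 5 },
];

function runSample() { return processEvents(sampleEvents); }
console.log(runSample().stats);
```

Five inbound events yield two alerts: the three repeated CPU events collapse into a single alert whose event count and last-seen time record the recurrence.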

As part of the alert life cycle, you can manage alerts in the following ways:
  • Acknowledge alerts.
  • Create a task such as an incident, problem, or change.
  • If automatic remediation tasks apply to the alert, begin automatic remediation to start a workflow.
  • Complete all tasks or remediation activities.
  • Close alerts for resolved issues.
  • Add additional information, such as a knowledge article for future reference.

Figure 1. Event Management process flow