Each trigger is a set of one or more indicators that have been correlated based on certain relationships. A trigger can be the result of a manual action, also. Triggers are grouped into incidents. One or more indicators that are correlated constitute a detection which may act as a trigger.

Relationships between indicators that constitute a basis for correlation include:

  • Time (indicators occurring at approximately the same time)

  • Metric type (e.g.: RTT increase, drop increase, bandwidth exceeds 85%)

  • Application affected

  • Location

  • Network device

For example: “30 indicators are identified for slower-than-expected RTT for application Acme for 10 different endpoints at location: Vancouver”. The trigger contains all 30 indicators because of relationship “application” and relationship “location”.