Detection
A detection
One or more indicators that are correlated and may act as a trigger for incident creation or runbook execution. is the correlation of one or more indicators An observed change in a specific metric stream that is recognized as being outside of an expected model. Indicators are correlated into triggers, and one or more triggers are grouped into incidents.. A detection constitutes a trigger A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device. if the detection initiates the execution of a runbook An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook..