Terminology and Glossary

Key terms and where to find their full definitions:

  • Data source

    • A data source is a Riverbed Technology product in your network that forwards data to Riverbed IQ Ops. That data is used both for streaming analytics (anomaly detection and incident generation) and for on-demand queries when runbooks run. For more information, see Data Source.

  • Detection

    • A detection is one or more correlated indicators. When a detection starts a runbook run, it acts as a trigger. For more information, see Detection.

  • Indicator

    • An indicator is a change in a specific metric stream that the platform treats as outside the expected model (for example, versus recent history, configured thresholds, or seasonally adjusted baselines). Indicators are correlated into triggers and grouped into incidents. For more information, see Indicator.

  • Incident

    • An incident begins with a trigger (one or more correlated indicators). Incidents appear on the Incidents page with runbook output to help identify the cause. For more information, see Incident.

  • Riverbed Edge

    • Riverbed Edge is the component you deploy in your network or in the cloud to act as the data broker between Riverbed IQ Ops and other Riverbed products (such as Riverbed NetIM, Riverbed NetProfiler, and Riverbed AppResponse). For more information, see Riverbed Edge definition.

  • Service tags

    • Service Tags are used with integrations to configure connectors and to match connectors to runbook nodes when you assign or import runbooks. Setting Service Tags is optional but recommended. For more information, see Service Tags.

Glossary

  • AI
    Artificial Intelligence. Technology that applies intelligence and automation to observe environments, detect anomalous behavior, and execute automated investigations.
  • Anomaly
    An unexpected event or measurement that does not match the expected model.
  • API
    Application Programming Interface. A set of protocols and tools that allows different applications to communicate with each other, enabling runbook execution and data retrieval from external systems.
  • Application
    An entity type representing software applications deployed in the customer environment that are monitored for performance and anomalies.
  • Automation
    Automated procedures that are executed as the result of a trigger. Automations consist of a single entry point and a sequence of connected nodes that define the processing logic.
  • AWS
    Amazon Web Services. A cloud computing platform that provides infrastructure services, including data storage and AI inference services used by IQ Assist.
  • Azure
    Microsoft Azure. A cloud computing platform that provides infrastructure services, including blob storage for PCAP files and AI inference services used by IQ Assist.
  • Capture Job
    Writes network packets to local disk for continuous or on-demand captures.
  • Capture Profile
    A configuration template that defines packet capture parameters.
  • Data Query
    A runbook node category that gets data about the trigger and forwards it to other nodes in the runbook for further processing.
  • Data Source
    A product in your network that forwards data to the system. This data can be streaming data used to detect anomalies and generate incidents, or data that can be fetched on demand when runbooks are executed.
  • Detection
    One or more indicators that are correlated and may act as a trigger for incident creation or runbook execution.
  • Device
    An entity type representing network devices or hardware components deployed in the customer environment that are monitored for performance and anomalies.
  • Entity
    Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations.
  • External Runbook
    A runbook that triggers in response to a configured API call, allowing external systems to initiate runbook execution programmatically.
  • Function
    A runbook node category that aggregates or transforms data forwarded from a preceding node, enabling data manipulation and analysis.
  • GenAI
    Generative AI. Artificial intelligence technology that can generate new content, such as text, based on learned patterns from training data.
  • Group by
    In Workspaces Data Forensics, a dimension (e.g. application, host, service, client IP) that you choose from the sidebar to load data into the main table. Data is aggregated or broken down by that dimension. The sidebar lists available group bys for the selected analysis workspace.
  • Harvest
    The process of retrieving PCAP files from Packet Capture Module devices and transferring them to a customer-provided repository for analysis.
  • HTTP
    Hypertext Transfer Protocol. A protocol used for transmitting data over the internet, commonly used in webhook runbooks and integrations with external systems.
  • Impact
    A runbook node category that marks network resources as affected by the incident, helping to identify the scope and business impact of issues.
  • Incident
    A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself.
  • Incident Automation
    A runbook that executes automatically whenever a new incident is created, performing investigation and analysis based on available data and context.
  • Incident Summary
    A consolidated view of key information about an incident, including basic details and runbook output data to assist in identifying the incident's underlying cause.
  • Indicator
    An observed change in a specific metric stream that is recognized as being outside of an expected model. Indicators are correlated into triggers, and one or more triggers are grouped into incidents.
  • Integration
    A runbook node category that works with other applications, such as HTTP calls, to enable communication with external systems and third-party tools.
  • Interface
    An entity type representing network interfaces on devices that are monitored for performance metrics and anomalies.
  • IQ
    Product abbreviation for the AI-Ops platform that provides intelligent operations and automation capabilities.
  • ISD
    Aternity ISD. A type of external runbook that is created in Aternity and shows a truncated set of nodes in the editor.
  • JSON
    JavaScript Object Notation. A lightweight data interchange format commonly used for transmitting data between systems, particularly in API calls and webhook integrations.
  • Lifecycle Automation
    A runbook that executes automatically when a triggering lifecycle event occurs on an incident, such as status changes or priority updates.
  • LLM
    Large Language Model. A type of artificial intelligence model that processes and generates human-like text based on patterns learned from vast amounts of training data.
  • Location
    An entity type representing physical or logical locations in the customer environment where entities are deployed and monitored.
  • Logic
    A runbook node category that adds conditions to branch the runbook, enabling conditional execution paths based on data and context.
  • Metric
    A measurement or data point that is monitored and analyzed to detect anomalies and generate incidents.
  • OAuth
    OAuth2. An authentication protocol that allows applications to access resources on behalf of users without sharing passwords, used for API access and third-party integrations.
  • On-Demand Runbook
    A runbook that triggers as required, either manually on-demand or as scheduled, to collect critical data and assist users with investigation tasks.
  • PCAP
    Packet Capture. A file format that contains captured network packet data, typically used for network analysis and troubleshooting.
  • PCM
    Packet Capture Module. A module that performs operations related to packet capture, allowing you to capture network packets and store them as PCAP files for analysis.
  • PCM Admin
    A role with full access to all Packet Capture Module features and settings, including global settings, capture profiles, storage profiles, and device information.
  • PCM Harvester
    A role that can perform harvests and view capture job status, device information, and harvest history, but cannot start or stop captures or modify any settings.
  • PCM Operator
    A role that can create, start, stop, and manage capture jobs, perform harvests, and view device status, but cannot modify global settings or repository configurations.
  • Playbook
    A set of procedures or workflows that use runbook output within a broader context to guide investigation and remediation activities.
  • Priority
    A classification that indicates the importance or urgency of an incident, used to prioritize investigation and remediation efforts.
  • RBAC
    Role-Based Access Control
  • Runbook
    An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook.
  • Runbook Node
    Individual components that make up a runbook automation, each performing a specific function such as data queries, transformations, logic, integrations, or visualizations.
  • Runbook Output
    A document containing data sets generated by the execution of a runbook, including output of queries and reports from point products, as well as output of analysis or other runbook nodes.
  • S3
    Amazon Simple Storage Service. A cloud storage service provided by Amazon Web Services that can be used as a repository for storing PCAP files from the Packet Capture Module.
  • SAS
    Shared Access Signature. A secure way to grant limited access to Azure storage resources without sharing storage account keys. A SAS token contains permissions and an expiration time.
  • Status
    The current state of an incident or runbook, indicating its progress through investigation and resolution workflows.
  • Storage Profile
    A configuration that defines where the Packet Capture Module stores PCAP files, specifying the storage type and connection details for customer-managed repositories.
  • Subflow
    A reusable automation chunk that performs frequently used functions, such as opening a ticket in an external system, and can be used to implement integrations with third-party systems.
  • Telemetry Stream
    A continuous flow of measurement data from data sources that is used to detect anomalies and generate incidents.
  • Trigger
    A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device.
  • Trigger Entity
    A runbook node category that starts the runbook with a single trigger, serving as the entry point for runbook execution.
  • UI
    User Interface. The visual components and controls that users interact with to access features and manage the system.
  • URL
    Uniform Resource Locator. The address used to access resources on the internet, such as webhook endpoints or API endpoints for runbook automation.
  • Variable
    A runbook node category that defines variables for manipulating data, enabling storage and transformation of values throughout runbook execution.
  • Visualization
    A runbook node category that shows data in a chart, graph, table, or note, providing visual representation of analysis results in runbook output.