Incident Runbooks
Incident runbooks are runbooks that execute automatically whenever a new incident is created.
New incidents are created when the Riverbed IQ Ops analytics pipeline detects anomalous behavior in key metrics from data sources. Those metrics can be associated with entities such as applications, devices, interfaces, and locations. An anomalous event for any of these entity types is surfaced as a new incident and triggers an associated runbook based on that source entity type.
The runbook that runs is determined by the Triggering Entity for the source entity type: Application, Device, Interface, or Location. The runbook runs its processing logic using the available data and context, and the resulting runbook analysis is attached to the incident.
Riverbed IQ Ops provides built-in incident runbooks as default templates you can customize. For details, see the topics for the built-in incident runbooks (e.g. Device Down Issue, Interface Performance Issue, Multi-Device Down Issue, Application Location Performance Issue).
Terms used on this page:
Runbook: An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook.
Incident: A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself.
Anomaly: An unexpected event or measurement that does not match the expected model.
Metric: A measurement or data point that is monitored and analyzed to detect anomalies and generate incidents.
Data source: A product in your network that forwards data to the system. This data can be streaming data used to detect anomalies and generate incidents, or data that can be fetched on demand when runbooks are executed.
Entities: Things deployed in the customer environment that are needed to run the business, such as applications, devices, interfaces, and locations.
Application: An entity type representing software applications deployed in the customer environment that are monitored for performance and anomalies.
Device: An entity type representing network devices or hardware components deployed in the customer environment that are monitored for performance and anomalies.
Interface: An entity type representing network interfaces on devices that are monitored for performance metrics and anomalies.
Location: An entity type representing physical or logical locations in the customer environment where entities are deployed and monitored.
Trigger: A set of one or more indicators that have been correlated based on certain relationships, such as time, metric type, application affected, location, or network device.
Triggering Entity: A runbook node category that starts the runbook with a single trigger, serving as the entry point for runbook execution.
Logic: A runbook node category that adds conditions to branch the runbook, enabling conditional execution paths based on data and context.