Incident management and messages The system monitoring process needs to follow up the incidents arising in the system besides receiving and processing the data to be monitored in each time interval Pandora uses a tool called Incident Manager for this task, where each user can open an incident, where a description of what happened in the network is shown. This can be completed with comments and files when necessary. This system is designed for group work. Different roles and workflow systems permit to move incidents from one group to another. The system allows different groups and different users to work on the same incident, sharing information and files. Clicking on "Manage Incidents", in the Operation menu, a list showing all the incidents is displayed, ordered by the date-time they were updated. Filters can be applied to display only those incidents the user is interested on. The filters that can be applied are: Incident status filter. The user can display: - All incidents - Active incidents - Closed incidents - Rejected incidents - Expired incidents Property filter. The incidents are shown by: - All priorities - Informative priority - Low priority - Medium priority - High priority - Very high priority - Maintenance Group filter. It can be selected to display just the incidents of a given Pandora group. The incident list is displayed showing information in the following columns: ID: ID of the incident. Status: The incident status is represented by the following icons: Active incident Active incident with comments Rejected incident Closed incident Expired incident Incident name: Name given to the incident Priority: The incident assigned priority is represented by the following icons: Very high priority High priority Medium priority Low priority Informative priority Maintenance priority Group: The name of the group the incident has been assigned to. One incident can only belong to a single group. Updated at: This is the date/time the incident was updated for the last time. Source: The source of the incident. The source is selected from a list stored in the data base. This list can only be modified by the database base administrator. Owner: User to whom the incident has been assigned to. It doesn't coinced with the creator of the incident, as the incident may have been moved from one user to another. The incident can be assigned to another user by its owner, or by a user with management privileges over the group the incidents belong to. Adding an incident The creation of incidents is performed by clicking on "Manage Incidents" > "New incident", in the Operation menu The "Create Incident" form will come up, containing the necessary fields to define the incident. The process is completed by clicking on the "Create" button. Incident follow up All the open incidents can be followed up. The tool is reached by clicking on the "Manage Incidents" option, in the Operation menu. The indicent is selected by clicking on its name in the "Incident name" column. The screen coming up shows us the configuration variables of the incident, its comments and attached files. The first part of the screen contains the Incident configuration From this form the following values can be updated: Incident name Incident owner Incident status Incident source Group the indicent will belong to Indicent priority The indicent is updated by clicking on the "Update incident" button. Adding comments to an incident Comments about the incident can added clicking on "Add note". This will open up a screen with a text box in it. The comment is written in this box. The Comment will appear in the "Notes attached to incident" section after the button "Add" is pressed. Only users with writting privilieges can add a comment, and only the owners of the incident or of the notes can delete them. Attaching files to an incident Sometimes it is necessary to link an incident with an image, a configuration file, or any kind of file. The files are attached in the "Attach file" section. Here the file can be searched for in the local machine and attached when the "Upload" button is pressed. Only a user with writing privileges can attach a file, and only the owner of the incident or of the file can delete it. The incident follow up screen shows all the files attached to the incident in the "Attached files" section of the screen. Searching for an incident A specific incident can be found among the incidents created in Pandora by either using a filter, as explained in the first section of this chapter, or by making a query using the "Manage Incidents" > "Searh Incident" tool, in the Operation menu. Any text string included as a sub-string in the incident can be searched for using this tool. This search engine looks for the string in the Incident title as well as in the text contained by the incident. The search engine will not search either the Comments added to the agent or the attached files. The search can be performed in addition to group, priority or status filters. Statistics The incident statisticts are shown in the "Manage Incidents" > "Statistics" option of the Operation menu. They can be of five different types: Incident status Incident priority Users with the incident opened Incidents by group Incident source Messages In Pandora 1.2 it is possible to send messages to others user. Each user can see his/her messages in "Messages" in the Operation menu. To send a message to other user you must click in "Messages" > "New mesage" in the Operation menu. It is possible to send a message to a group from "Messages to groups" > "New mesage" in the Operation menu.