First of all, what is a false positive?
A false positive is an alert that, after investigation, turns out to be a false alert, i.e. an alert raised while the monitored element is operating as expected.
What is at stake with false positives?
To understand the impact of false positives on an organization, it is necessary to look at how it is organized and summarize the process of handling an alert.
Let's take the case of one of our partners:
- An alert appears on a monitoring dashboard
- The person in charge of monitoring and operations acknowledges the alert, opens a ticket through the integration with the ITSM ticketing tool, qualifies it in the ITSM and assigns it to the right resolution group. Operation time: 3 min
- The technician in charge of the resolution is notified of the new ticket, takes ownership of it, checks the monitoring (with a bit of luck, the false positive is back to the OK state and he can close the ticket), analyzes the error message sent by the monitoring, connects to the equipment, makes the necessary investigations, ... and finally concludes that it is a false positive. Modification of the monitoring configuration, closing of the ticket, return to the OK state.
Incident closed, on to the next one ...
Total time of the operation: between 20 and 30 min, 2 people mobilized.
Cost of the operation: ~20€.
Imagine 20 false positives a day ... 1 FTE
What are the solutions to limit false positives?
In ServiceNav, we have implemented several solutions to limit false positives and allow teams to focus on true positives:
- Configurable thresholds for each service
- Additional checks for each piece of equipment and each service
- A report to target the elements that trigger the most alerts
And as the ad would say: "And it's not over."
In the coming months, thanks to our BigData stack, in place since version 4.0, we will offer you innovative solutions to work on false positives.