First of all, what is a false positive?
A false positive is an alert which, after investigation, turns out to be a false alarm. It is an alert raised while the supervised element is functioning as expected.
What are the issues of false positives?
To understand the impact of false positives on an organization, it is necessary to look at how it is organized and to review its process for handling an alert.
Let's take the case of one of our partners:
- An alert occurs on a supervision dashboard
- The person in charge of monitoring and steering takes the alert into account, opens a ticket through the integration with the ticketing tool, qualifies it in the ITSM, and assigns it to the right resolution group. Operation time: 3 min
- The technician in charge of the resolution is notified of the arrival of a new ticket, takes it into account, and checks the supervision (with a bit of luck, the false positive is back to the OK state and he can close the ticket). He then analyzes the error message sent by the supervision, connects to the equipment, makes the necessary investigations... and finally concludes that it is a false positive. He modifies the supervision configuration and closes the ticket, and the state returns to OK.
Incident over, let's move on to the next one...
Total time of the operation: between 20 and 30 min, 2 people mobilized.
Cost of the operation: ~20€.
Imagine 20 false positives per day... 1 FTE
What are the solutions to limit false positives?
In ServiceNav, we have implemented several solutions to limit false positives and allow teams to focus on true positives:
- Customizable thresholds on each service
- Additional controls for each piece of equipment and each service
- A report to target the items that trigger the most alerts
And as the advert says: "And it's not over".
In the coming months, thanks to our Big Data stack, in place since version 4.0, we will offer you innovative solutions for working on false positives.