FortiMonitor
FortiMonitor is a holistic, SaaS-based digital experience and network performance monitoring solution which combines monitoring, network incident management, automation, and network configuration management into a single source of truth
RobB22
Staff
Article Id 206429
Description This article will demonstrate creating an alert timeline with automatic escalations.
Scope FortiMonitor Control Panel
Solution

Alert Timelines are notification schedules for active incidents.  Any number of timelines can be created, and each timeline can contain any number of alert events.  This lets the user build an automated escalation schedule driven by how long an incident has been open.

 

Incidents remain active until the underlying conditions that created the incident are resolved.  While an incident is active, a user may alternatively place the affected instance under maintenance (suppressing alerts for a set period), manually escalate to the next event on the alert timeline, or manually prevent any further timeline events from occurring.

 

  1. In the web control panel, go to Monitoring>Alert Timelines in the navbar.
  2. Select the "+Add Timeline" button.
  3. When prompted, add a name and description for the alert timeline as desired.  The following alert timeline was created from scratch for this example.  Note that the timeline does not contain any Alert Events at creation.
  4. Click the "Add New Alert Event" option.  This will present the user with the following options:

    Trigger Time:  The delay between the incident being confirmed and this alert event firing.  Note that the delay is measured from the moment the incident was confirmed, not from the previous alert event.  An event with no delay (0 hours, 0 minutes, 0 seconds) fires immediately; a second event with a 60 minute trigger time fires 60 minutes after the incident was confirmed, regardless of what fired before it.
    Contacts:  A drop-down menu of the individual contact methods configured for each user.

    Contact Groups: This will offer a drop-down menu of all configured User Groups.  This is typically used when a team is responsible for an incident as opposed to individual users.
    On-Call Schedules:   This will offer a drop-down menu of any configured On-Call schedules.
    Integrations:  A drop-down menu of any configured communication integrations (e.g. Slack, Microsoft Teams).
  5. Once the first alert event is created, additional events may be added with later trigger times.  Because each trigger time is measured from incident confirmation, this produces an automatic escalation chain: escalation continues on schedule until a user resolves the incident, cancels further escalations, or places the instance under maintenance.  A completed example is shown and explained below.

In the above example, the timeline first alerts Group 1 (chosen from Contact Groups when adding the event) with an immediate trigger time (0 hours, 0 minutes, 0 seconds).  If an hour passes and none of the users in Group 1 remedy the issue, cancel escalations, or place the instance under maintenance, the next event fires and notifies "SysAdmin".  If two hours pass since confirmation (i.e. one hour after the SysAdmin notification) and neither the Group 1 members nor SysAdmin have taken any of those actions, the timeline escalates to "CTO".
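As an added example (this is not FortiMonitor code or its API), the following Python models the escalation semantics described above so the trigger-time rule can be checked directly: every delay is measured from incident confirmation, and the chain keeps escalating until the incident is resolved, escalations are cancelled, or the instance is under maintenance.  The class and function names (AlertEvent, Incident, fired_events, run_scenario), the confirmation time T0 and the scenario offsets are all constructed for illustration, and the treatment of an event that falls inside a maintenance window (dropped, later events still fire) is an assumption rather than documented behaviour.

```python
"""
Added example (not FortiMonitor code): a small model of the alert-timeline
escalation semantics described in this article.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AlertEvent:
    # Delay from the moment the incident is confirmed (not from the previous event).
    trigger_delay: timedelta
    # Contact, contact group, on-call schedule or integration to notify.
    target: str


@dataclass
class Incident:
    confirmed_at: datetime
    resolved_at: Optional[datetime] = None
    # "Manually prevent future timeline events": nothing fires at or after this time.
    escalations_cancelled_at: Optional[datetime] = None
    # "Place under maintenance": (start, end) window during which alerts are suppressed.
    maintenance: Optional[Tuple[datetime, datetime]] = None


def fired_events(timeline: List[AlertEvent], incident: Incident) -> List[Tuple[str, int]]:
    """Return (target, minutes after confirmation) for each event that notifies."""
    fired = []
    for ev in sorted(timeline, key=lambda e: e.trigger_delay):
        due = incident.confirmed_at + ev.trigger_delay
        if incident.resolved_at is not None and due >= incident.resolved_at:
            break  # incident closed before this escalation was due
        if incident.escalations_cancelled_at is not None and due >= incident.escalations_cancelled_at:
            break  # escalation chain stopped manually
        if incident.maintenance is not None and incident.maintenance[0] <= due < incident.maintenance[1]:
            # Assumption: an event due inside the maintenance window is dropped,
            # and later events still fire if the incident is still open.
            continue
        fired.append((ev.target, int(ev.trigger_delay.total_seconds() // 60)))
    return fired


def due_minutes(timeline: List[AlertEvent]) -> List[int]:
    """Absolute due offsets from confirmation, in minutes, in firing order."""
    return [int(e.trigger_delay.total_seconds() // 60)
            for e in sorted(timeline, key=lambda e: e.trigger_delay)]


# The article's completed example: immediate, +1 h, +2 h (all from confirmation).
EXAMPLE_TIMELINE = [
    AlertEvent(timedelta(0), "Group 1"),
    AlertEvent(timedelta(hours=1), "SysAdmin"),
    AlertEvent(timedelta(hours=2), "CTO"),
]

T0 = datetime(2024, 1, 1, 9, 0)  # constructed incident confirmation time


def run_scenario(resolved_after=None, cancelled_after=None, maintenance=None):
    """Build an Incident from offsets in minutes after T0 and return what fires."""
    def at(m):
        return None if m is None else T0 + timedelta(minutes=m)
    inc = Incident(
        confirmed_at=T0,
        resolved_at=at(resolved_after),
        escalations_cancelled_at=at(cancelled_after),
        maintenance=None if maintenance is None else (at(maintenance[0]), at(maintenance[1])),
    )
    return fired_events(EXAMPLE_TIMELINE, inc)


if __name__ == "__main__":
    print("due offsets (min):", due_minutes(EXAMPLE_TIMELINE))  # [0, 60, 120]
    print("nobody acts:      ", run_scenario())
    print("resolved at +90:  ", run_scenario(resolved_after=90))
    print("cancelled at +30: ", run_scenario(cancelled_after=30))
    print("maintenance 30-90:", run_scenario(maintenance=(30, 90)))
```

The due offsets come out as 0, 60 and 120 minutes; if the CTO event's 2 hour trigger were misread as "2 hours after SysAdmin" one would expect 180 minutes instead, which is the mistake the Trigger Time note warns about.  Resolving the incident or cancelling escalations stops everything due at or after that moment, whereas a maintenance window only suppresses what falls inside it.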

 

More information on alert timelines may be found on the FortiMonitor documentation site.  
