Enterprises today need the ability to have detailed reporting in their systems of record. xM is a tool that is used for incident management and/or incident response within the Enterprise but typically is just one spoke in a wheel of tools including CRM and others.
As a result, most enterprises will need to source all of the available data that relates to incidents such as:
- Teams bridge information, i.e. who joined and when, who left and when, date and time stamps for chats
- xM incident responder information, i.e. what groups were paged, who got paged in that group, who actually accepted the page
- CRM like serviceNOW to manage the INC record
Assuming that all alert events occur via an INC, xM should have an API that can provide:
- At the time of the request, all current information (logs) for an INC
- All INC and their associated information (logs) for a period of time
- Delta updates for an INC that does not have a Resolved status
This allows for a few different capabilities.
The first is that within other systems, you could provide near real-time data related to incident responders. Who’s coming to my incident?
Second, reports can be built that pull together all INC data where responder data could then be used to answer questions such as:
- How long did it take from the time a group is paged out to when someone acknowledged to when they actually joined the bridge? This would provide a more true mean time to respond as it represents the time when a page goes out to when someone actually is available to being work.
- Data can persist for longer periods of time. Since data is only available for 90 days on xM platform, most companies need to have historical incident reporting capabilities.
Comments
Please sign in to leave a comment.
This could also be in the form of a reporting service connector, such as a connector to PowerBI, snowFlake, Denodo, etc.
Thanks for the feature request George. You're right that there's a lot of rich information related to incidents that could be used in many interesting ways whether that's building custom reporting for post incident analysis, generating custom notifications, sharing and annotating other systems, etc.
You refer to the INC logs in your request, are you referring to the timeline entries in our Incident Console?
Ideally, this would be to allow access to all the data that is generated. Think data pump. The problems that it solves are:
The issue we are facing today is the limited amount of data that is stored within the xM platform. As an organization and for data retention purposes, we need longer periods of active data.
Secondarily, we have more and more sources of incident data, for example, xM, serviceNOW, Splunk, etc. More and more companies are turning to data virtualization to be able to abstract all of these different sources of data to then in turn have a better view of the data.