I've been trying for the last year to try to develop the operational use cases for UIM and then use the elements within UIM to develop an end user manual or some end user profiles.
My latest attempt was development of "So you got an alert notification" triage plan, and thought that others may have already went down this path and would be willing to share their operations manual in context of CA UIM.
1. How is the end user notified of a critical condition? (email, a sound, some blinking lights)
2. When the end user, an operator receives the alert, what are they suppose to do?
2a. What skill set does the operator have? (operator profile)
2b. Does the alert notification have the contact point, department or starting triage instructions?
3. Once the operator has completed what they can do with the alert, how/who/when should the next tier be woke up?
4. What is tier two's profile?
I've tried to shoe-horn UIM into our current operators manual but UIM has a quite different spin on alerts and alerting options out of the box. Sure, I could pipe all the alerts to a massive LUA script that forms the data packet to drive a notification that looks just like our other monitoring systems, but is that what everyone is doing?
I've looked through our Knowledge base, and I did not come up with a lot of documents that would help you further here as what you are looking for is quite specific and most white papers are fairly high-level only.
However, maybe this can help (if at all):
Otherwise, you would indeed need further input from the community, or contact CA Services directly.
Thank you very much Martin.
The Trial Run-Book was helpful to show that UIM, out-of-the-box is very basic but has a vast array of customization points throughout the alert lifecycle. Seems like the main focus is that the alert lifecycle is managed within UMP with assignment/acknowledgement/annotation but I'm looking for how others interact and use these features.
While UIM has quite a few options/customization to notify, manage and research root cause, it just seems that there isn't a out-of-the-box story to show a drill through a suggested or example implementation of UIM.
Within the Trail Run-Book:
"This was a very simplistic (and manufactured) scenario. Hopefully however you can see how you can use the nas to provide more detailed correlation, enrichment and notifications for alarms based on a wide range of criteria."
Which this run-book does give a very good introduction to the various parts but was looking for how others have integrated UIM into their operational or enterprise monitoring processes.
Basically looking for better processes since our current processes are vague at best.