Looking for some best practices/suggestions related to this situation...
In our environment, we have "BSM" systems that do monitoring using HP tools. These systems send traps to Spectrum, which raises BSM alarms, as expected. The systems also have Sysedge installed, and they are monitored for host resources, etc
The challenge is that the BSM host itself is owned by my team (since it is a Windows system), but the BSM application (which is running on the host and sending the traps) is owned by a different team. But, all alarms are asserted on the device model, so they all have the same contact information.
Scenario 1: Something goes wrong with system itself (i.e.: MPV-APPHPBSM01.cgi.int), such as "disk utilization exceeded" or "system is not responding to polls". Spectrum raises an alarm, and our Operations team will call the team that is listed in the Contact field of the model.
Scenario 2: BSM sends a trap based upon its monitoring, Spectrum raises an alarm against MPV-APPHPBSM01.cgi.int, and our Operations team will call the team that is listed in the Contact field of the model.
In Scenario 1, my team should be called.
In Scenario 2, the team that owns the BSM app should be called, but my team ends up getting incorrectly called because we are the contact.
The model can only have one Contact value, and our internal procedures rely on this to assign incidents to specific teams.
One other thing: please do not suggest that we enhance the alarms with information that people can use to decide how to assign the incident, or add conditional logic to launch specific alarms with instructions on who to assign to. People do not read the alarm contents.
Can we do something with "event models".
Thanks for your help.