Fortinet Document Library

Version:


Table of Contents

User Guide

21.4.0
Copy Link

Configure incident alert and response time thresholds

Incident alerts and response time thresholds can be configured while adding or editing a network-based metric. This allows you to control when to get alerted, the Alert Timeline to use, and the severity to be assigned when an incident occurs.

For example:

  1. You can configure a metric to create an incident when an DNS port check is unsuccessful for more than 5 minutes.

  2. Assign a severity of Critical to the incident.

  3. Select the Alert Timeline to notify when the incident occurs.

To configure alert thresholds for network service checks, see the following sections:

Incident alerts thresholds 

To configure incident alert thresholds, perform the following steps:

  1. On the Instance Details page, choose a network-based metric to configure.

  2. Select the More icon, then select Edit. 

  3. On the Incident Alerts & CounterMeasures modal, configure the following fields:

Field

Description

When HTTPS check is unsuccessful for

Select the period of time or (threshold period) before an incident is created after the first unsuccessful network check.

Values:

  • 1 minute

  • 2 minutes 

  • 5 minutes 

  • 10 minutes 

  • 15 minutes 

create an incident with the severity

Select the severity to assign to the created incident.

Values:

  • Warning

  • Critical

and notify with the Alert Timeline

Select which Alert Timeline to use when the configured threshold period is breached.

Override Server Alerts

If selected, only the specified Alert Timeline will be if an incident occurs for this service. Otherwise, the selected Alert Timeline will be used in addition to the standard alerts for the server. 

Availability Inclusion

Select if you want to include this alert to your server's availability calculation.

Incident CounterMeasures

Select + Add CounterMeasure to create a CounterMeasure to run when this threshold is breached. See CounterMeasures Overview.

Note: The Agent must be updated to add a CounterMeasure.

4. To configure Response Time Thresholds, see the following section. Otherwise, select Save.

Response time thresholds

To configure incident alert thresholds, perform the following steps:

  1. On the Instance Details page, choose a network-based metric to configure.

  2. Select the More icon, then select Edit. 

  3. On the Response Time Thresholds & CounterMeasures modal, configure the following fields:

Field

Description

When response time is greater than

If the selected value is greater than the response time for a specified amount of time, an incident is created.

Values:

  • 1 minute

  • 2 minutes 

  • 5 minutes 

  • 10 minutes 

  • 15 minutes 

For more than

If the response time is greater than the value specified in the When response time is greater than field for more than the selected value, an incident is created.

Values:

  • 1 minute

  • 2 minutes

  • 5 minutes

  • 10 minutes

  • 15 minutes

  • 20 minutes

  • 30 minutes

  • 45 minutes

  • 1 hour

  • 2 hours

  • 4 hours 

  • 8 hours 

  • 12 hours 

  • 24 hours 

Notify with Alert Timeline

Select which Alert Timeline to use when the configured response time threshold is breached.

With a severity of

Select the severity to assign to the created incident.

Values:

  • Warning

  • Critical

Include metric performance in availability

Select if you want to include this metric's performance to your server's availability calculation.

Response time CounterMeasures

Select + Add CounterMeasure to create a CounterMeasure to run when this threshold is breached. See CounterMeasures Overview.

Note: The Agent must be updated to add a CounterMeasure.

4. Select Save.

Configure incident alert and response time thresholds

Incident alerts and response time thresholds can be configured while adding or editing a network-based metric. This allows you to control when to get alerted, the Alert Timeline to use, and the severity to be assigned when an incident occurs.

For example:

  1. You can configure a metric to create an incident when an DNS port check is unsuccessful for more than 5 minutes.

  2. Assign a severity of Critical to the incident.

  3. Select the Alert Timeline to notify when the incident occurs.

To configure alert thresholds for network service checks, see the following sections:

Incident alerts thresholds 

To configure incident alert thresholds, perform the following steps:

  1. On the Instance Details page, choose a network-based metric to configure.

  2. Select the More icon, then select Edit. 

  3. On the Incident Alerts & CounterMeasures modal, configure the following fields:

Field

Description

When HTTPS check is unsuccessful for

Select the period of time or (threshold period) before an incident is created after the first unsuccessful network check.

Values:

  • 1 minute

  • 2 minutes 

  • 5 minutes 

  • 10 minutes 

  • 15 minutes 

create an incident with the severity

Select the severity to assign to the created incident.

Values:

  • Warning

  • Critical

and notify with the Alert Timeline

Select which Alert Timeline to use when the configured threshold period is breached.

Override Server Alerts

If selected, only the specified Alert Timeline will be if an incident occurs for this service. Otherwise, the selected Alert Timeline will be used in addition to the standard alerts for the server. 

Availability Inclusion

Select if you want to include this alert to your server's availability calculation.

Incident CounterMeasures

Select + Add CounterMeasure to create a CounterMeasure to run when this threshold is breached. See CounterMeasures Overview.

Note: The Agent must be updated to add a CounterMeasure.

4. To configure Response Time Thresholds, see the following section. Otherwise, select Save.

Response time thresholds

To configure incident alert thresholds, perform the following steps:

  1. On the Instance Details page, choose a network-based metric to configure.

  2. Select the More icon, then select Edit. 

  3. On the Response Time Thresholds & CounterMeasures modal, configure the following fields:

Field

Description

When response time is greater than

If the selected value is greater than the response time for a specified amount of time, an incident is created.

Values:

  • 1 minute

  • 2 minutes 

  • 5 minutes 

  • 10 minutes 

  • 15 minutes 

For more than

If the response time is greater than the value specified in the When response time is greater than field for more than the selected value, an incident is created.

Values:

  • 1 minute

  • 2 minutes

  • 5 minutes

  • 10 minutes

  • 15 minutes

  • 20 minutes

  • 30 minutes

  • 45 minutes

  • 1 hour

  • 2 hours

  • 4 hours 

  • 8 hours 

  • 12 hours 

  • 24 hours 

Notify with Alert Timeline

Select which Alert Timeline to use when the configured response time threshold is breached.

With a severity of

Select the severity to assign to the created incident.

Values:

  • Warning

  • Critical

Include metric performance in availability

Select if you want to include this metric's performance to your server's availability calculation.

Response time CounterMeasures

Select + Add CounterMeasure to create a CounterMeasure to run when this threshold is breached. See CounterMeasures Overview.

Note: The Agent must be updated to add a CounterMeasure.

4. Select Save.