Products	Solutions	News	Resources	Partners	Company
Software ITM Core Event Manager Action Manager Event Reporter Metric Manager Inventory Manager Netflow Reporter Appliances Event Router Shareware CDP Shark	Verticals Service Providers Healthcare Enterprises Packages Monolith for Aggregation Security Event Manager	Monolith News Press Inquiries Press / Analyst Events	Testimonials Data Sheets White Papers Case Studies Product Downloads	Overview Locate a Partner Become a Partner Partner Portal	Company Overview Management Team Investors Careers Contact Us

Action Manager

Operational Metrics Escalation Phases Rotational Oncall Policy Actions Remedy Integration Watcher Correlation
Advantages

1. Intelligent Incident Router
2. Single Integration Point
3. Supports Multiple
a. Groups
b. Shifts
c. Schedules
4. Easy Config via Event Types
5. Rotational Oncall Engine
6. Designed for NOCs
7. Custom Correlation
8. Event Automation
9. Syncs People, Fault, and Ticket
10. Single Configuration Web UI
11. Bi-Directional Ticketing

Benefits

1. Eliminates Multiple Notify Engines
2. Operational Efficiency
3. Helps Eliminate Tier1
4. AutoRoute Alarms to Correct People
5. Capture & Track Key Ops Metrics

Data Sheet v3.1

Online Demo

Home > Products > Action Manager > Watcher Correlation Engine

Watcher Correlation Engine

Monolith Action Manager has taken correlation and root-cause analysis in a different direction. Most vendors have complex topology modeling or even mathematical calculations to achieve a level of correlation. However most of those tools fall very short of their intended goals and confuse customers. Correlation that works in a lab does not mean it works well in a custom complex production environment. Correlation, to Monolith Software, is an easily defined customer created event relationship intended to take known situations and expediate its resolution. Also, correlation should not be forced to be technology specific. This philosophy is permeated in Action Manager's Watcher Correlation Engine.

Action Manager's Watcher Correlation Engine was designed to allow custom querying of disparate events and correlation depending upon metrics of found events.

Example 1: Security Events
Two events are recieved from two seperate sources:
-IDS Attack Message
-Firewall Accept Message

Both events are coming from the same source/destination ip/port/protocol, meaning that a successful attack has happen. Watcher can correlate these two together and sending an alarm bringing the two together into a single actionable event.

Example 2: Cluster Events
Two events are recieved from two seperate devices:
-Exchange Primary Down
-Exchange Secondary Down

Both events are indicating exchnage services are down, if their was only one its not a critical problem, however both are down, meaning that the exchnage service is down. Watcher can correlate these two together and sending an alarm bringing the two together into a single actionable event.

Example 3: Heartbeating
The biggest problem with Manager of Manager solutions is that they depend upon upstream event feeds. What happens when no events are being sent, or the upstream source is down?

Watcher takes care of the problem by polling for no events from a specific event source for X number of minutes. So when an event source goes quiet, the system automatically recognizes this and sends an alarm indicating the silent failure.

Watcher

(click to enlarge.)