So far, you have metrics to understand the traffic in your environment and a plan to reduce false alarms. It’s also important to identify the events that operators are responding to, and if their responses are appropriate and necessary.
SureView can automate many common processes for an operator, such as recording cameras, sending notifications, and triggering actions. This automation can be used to eliminate the need for an operator to respond to repetitive events that are not an active threat and don’t require the operator to make decisions.
Of course, you could just ignore these alarms. However, many SOCs require logging all events for compliance or management reporting. SureView allows these events to be auto-handled and logged, eliminating distraction and saving valuable time for the operator.
When deciding which events require operator action, it’s important to be consistent. SureView uses a flexible model where alarms are given a numerical priority rating, with priority 1000 as a threshold. Alarms at this rate or higher override any masking and will still be presented to operators even if an area is disarmed.
Prioritizing events not only helps to rapidly order the alarm list, it can also help group similar events and route traffic to the appropriate level operators. These workflows can be used to improve the performance of your team and can include internal SLAs that trigger additional actions or escalations based on response time.
For example:
You decide that first-line operators are responsible for events with a low priority, while second-line operators respond to the higher priority events and escalations. As alarms are received, the priority level indicates how they are routed. You can add an SLA that automatically escalates a priority alarm if it doesn’t receive a response within 1-minute.
