Cyware Fusion and Threat Response

Configure SLA for Actions

A Service Level Agreement (SLA) enables administrators to configure time limits for updating actions, based on the SLA type. You can configure the following types of SLAs for actions:

  • Assignment SLA: The time limit from the action opened time within which you must assign a user.

  • Resolution SLA: The time limit from the user assignment time of an action within which you must resolve the action.

You can create multiple SLAs based on the actions' type, priority, and assigned user group. With action SLAs, you can:

  • Define a standard time limit to assign and resolve an action.

  • Set breach limits to alert the threat response teams when an SLA is about to breach.

  • Monitor the SLA breach status of the actions in the dashboards.

  • Configure multiple levels of escalations when the assignment and resolution SLAs are breached.

Create Assignment or Resolution SLA for Actions

To create an assignment or resolution SLA for actions, do the following:

  1. Go to Admin Panel > SLA > Action.

  2. Click Create SLA.

  3. Enter a unique name for the SLA. For example, Block IP SLA.

  4. Select an SLA type. For example, Resolution.

  5. Specify the action details for which this SLA is applicable in Priority, Action Type, and Assigned Group.

  6. Enter the following details to specify the SLA timeline:

    • SLA Warning Threshold: Enter a duration from the action creation time to display a warning in the action that the SLA is about to be breached. This time must be at least five minutes before the SLA time. For example, 55 minutes.

    • SLA: Enter a duration from the action creation time after which the SLA breaches if an action is not assigned or closed. For example, 1 hour.

    • Breached SLA Threshold 1: Enter a duration from the action creation time to send a first-level escalation email if an action is not assigned or closed. This escalation is applicable only if the SLA is breached. For example, 2 hours.

    • Breached SLA Threshold 2: Enter a duration from the action creation time to send a second-level escalation email if an action is not assigned or closed. This escalation is applicable only if the first-level escalation email has already been sent. For example, 3 hours.

  7. Click Save & Next.

  8. For SLA escalation, do one of the following:

    • Select an escalation to associate with the SLA and click Save & Next.

    • To associate a new escalation, click Create Escalation. For more information, see Create Escalation Roster for Actions.

    • To create an SLA without associating an escalation, click Skip. You can associate an escalation later.

  9. To reorder the SLA priority, drag and drop the SLAs as per their priority.

  10. Click Save.

Create Escalation Roster for Actions

The escalation roster enables you to configure the recipients of the escalation emails for various stages of the SLA breaches, such as SLA warning, SLA breach, SLA threshold 1 breach, and SLA threshold 2 breach. You can configure CFTR users and non-CFTR users as recipients.

Note

You can use an escalation roster for both assignment and resolution SLAs of incidents and actions. The escalation roster is not applicable for notification SLAs.

To create an escalation roster, do the following:

  1. Go to Admin Panel > SLA > Action.

  2. Click Escalations and then click Create Escalation.

  3. Enter a title for the escalation.

  4. For each escalation level, select the CFTR users or enter the email IDs of the recipients to whom you want to send the escalation email. For more information, see SLA Matrix for Actions.

  5. Click Save.

Manage Action SLAs

You can perform the following activities to manage the action SLAs:

  • Search for an SLA.

  • Filter SLAs based on priority, assigned group, action type, created date, and last updated date.

  • Update SLA details. The updates apply to both existing and new actions. If the current SLA no longer applies to an action after the update, the next SLA that is applicable to the action as per the priority order is automatically applied. If no SLA is applicable, the SLA is removed from the action.

  • Activate or inactivate SLAs.

  • Delete an SLA.

    Note

    When an SLA is deleted or inactivated, the next SLA that is applicable to the action as per the priority order is automatically applied. If no SLA is applicable, the SLA is removed from the action.

  • Add or update the escalation for an SLA.

  • Reorder SLAs based on priority. If more than one SLA is applicable to an action, then the SLA that is higher as per the priority order applies.

  • View activity logs to track updates to various SLAs and escalations.

SLA Matrix for Actions

The following table shows how various stages of assignment and resolution SLAs are connected to the escalation levels and which email template is used to send the escalation email.

| Assignment/Resolution SLA | Escalation Roster     | Email Template              |
|---------------------------|-----------------------|-----------------------------|
| SLA Warning Threshold     | First Escalation      | Action Reminder             |
| SLA                       | Second Escalation/SLA | Action Escalated To Level 1 |
| Breached SLA Threshold 1  | Third Escalation      | Action Escalated To Level 2 |
| Breached SLA Threshold 2  | Fourth Escalation     | Action Escalated To Level 3 |
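
The SLA timeline fields and the matrix above, as an added example (not Cyware code and not a CFTR API): a small Python planning model that checks a timeline against the five-minute warning rule and lists which roster level and email template are due at a given elapsed time. The class, method, and parameter names are hypothetical, and the ordering check SLA < Breached SLA Threshold 1 < Breached SLA Threshold 2 is an assumption drawn from the page's example values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (stage, escalation roster level, email template), copied from the SLA matrix.
MATRIX = [
    ("SLA Warning Threshold", "First Escalation", "Action Reminder"),
    ("SLA", "Second Escalation/SLA", "Action Escalated To Level 1"),
    ("Breached SLA Threshold 1", "Third Escalation", "Action Escalated To Level 2"),
    ("Breached SLA Threshold 2", "Fourth Escalation", "Action Escalated To Level 3"),
]


@dataclass(frozen=True)
class SlaTimeline:
    """Hypothetical planning model; all durations are minutes from the SLA start."""
    warning: int
    sla: int
    breach_1: int
    breach_2: int

    def validate(self) -> List[str]:
        errors = []
        if min(self.warning, self.sla, self.breach_1, self.breach_2) <= 0:
            errors.append("all durations must be positive")
        # Rule stated on the page: warning is at least five minutes before the SLA.
        if self.sla - self.warning < 5:
            errors.append("warning threshold must be at least 5 minutes before the SLA")
        # Assumption (not stated on the page): breach thresholds follow the SLA in order.
        if not self.sla < self.breach_1 < self.breach_2:
            errors.append("expected SLA < Breached SLA Threshold 1 < Breached SLA Threshold 2")
        return errors

    def stages_due(self, elapsed: int, done_at: Optional[int] = None) -> List[Tuple[str, str, str]]:
        """Stages reached after `elapsed` minutes; `done_at` is when the action
        was assigned or resolved (None if still open), which stops escalation."""
        limits = (self.warning, self.sla, self.breach_1, self.breach_2)
        due = []
        for limit, row in zip(limits, MATRIX):
            if limit > elapsed or (done_at is not None and done_at <= limit):
                break  # each level fires only after the previous one has
            due.append(row)
        return due


if __name__ == "__main__":
    plan = SlaTimeline(warning=55, sla=60, breach_1=120, breach_2=180)  # page's example values
    print(plan.validate() or "timeline OK")
    for stage, roster, template in plan.stages_due(elapsed=130):
        print(f"{stage}: notify '{roster}' recipients with '{template}'")
```

Running the model over planned values before entering them in the Admin Panel shows which recipients in the escalation roster receive which email at each point on the timeline.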