Indeni 7.3.1 – More About Reducing Noise

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog.

Key takeaways

This key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

This article announces the Indeni 7.3.1 release and highlights new features that improve alert management, automation, and integrations in network device monitoring. Key highlights include the ability to persistently exclude specific issue items (preventing email and ServiceNow notifications for those items), set custom thresholds that control when an alert triggers based on the number of affected items, and add OAuth 2.0 authorization for ServiceNow integration to use tokens instead of credentials. The release also adds new Auto-Triage and Auto-Detect elements for Check Point and Palo Alto Networks devices and several Palo Alto monitoring enhancements that reduce noise and improve operational visibility.

How does the new persistent exclusion of issue items work and where can I configure it?

Persistent exclusion stops email notifications and ServiceNow updates for specific issue items and takes effect at the next rule evaluation. You can exclude an item directly from the issue page by selecting the item in the issue drawer (hover and click the blue mark) which creates an exclusion pattern entry in the rule configuration. Alternatively, from Knowledge Explorer you can open a rule (for example, “High CPU usage per core(s)” or “BGP peer(s) down”), go to OVERVIEW and add entries under Excluded Patterns; entries can be exact values or wildcards and can be removed later if you change your mind.

How can I use the new threshold feature to reduce unnecessary alerts in multi-server setups like NTP?

The threshold feature lets you specify how many issue items must be present before the system triggers an alert. In environments with primary and secondary servers (for example, NTP), you can set Thresholds = 0 so an issue is only created when all NTP servers are unreachable. This prevents alerts when a single secondary becomes temporarily unreachable while the primary remains available, reducing false positives and aligning notifications with the operational condition you care about.

What new device detections and integrations are included in this Indeni release?

This release adds OAuth 2.0 authorization for ServiceNow so tokens are used instead of login credentials for resource access. For Check Point devices, new Auto-Triage elements include OSPF neighbour down, cluster events, and a critical process (pnote problem) down; new Auto-Detect elements include SNMPd and syslog service down on management servers. For Palo Alto Networks, new Auto-Detect elements cover IPSec tunnel state tracking, BGP peer monitoring, Panorama UserID monitoring, and detection for CVE-2020-2021 (SAML authentication bypass). Enhancements include tracking DP CPU usage at the plane level, graphing rx/tx on VPN tunnel interfaces, and visualizing bond interface utilization.

We’re delighted to announce an Indeni release. The highlights are the ability to exclude issue items, the ability to specify a new threshold within a rule that triggers an alert, the new OAuth 2.0 authorization with ServiceNow, the new Auto-Triage Elements and the new Auto-Detect Elements.

1. Persistently exclude an issue item

This has been a frequent request and is going to simplify how you handle issue items that are of no interest. When an issue item is excluded, the system will halt email notification and ServiceNow updates about the issue item. 

There are a couple of ways to exclude an issue item. The easiest way is from the issue page where you see the issue items. From the issue drawer, select the issue item by hovering over the item you wish to exclude and clicking the blue mark, as shown below.

In the next rule evaluation for CP-R80.20-GW8-1, CPU-2 will be excluded from the issue and it will be reflected in the UI. In other words, item 2 will disappear from the UI a couple of minutes later. This will also create an entry in the rule configuration with the exclusion pattern set to “2”. From Knowledge Explorer, navigate to the “High CPU usage per core(s)” rule, click on OVERVIEW, and scroll to the bottom for the Excluded Patterns. You will see the entry “2” (CPU-2) created for CP-R80.20-GW8-1 below.

If you change your mind, you can just remove the entry. You can also exclude multiple issue items. Remember, this will take effect in the next rule evaluation cycle. 

Disaster Recovery Use Case

The other option to exclude an issue item is to pre-define a pattern from Knowledge Explorer. Let’s look at an example. You have a disaster recovery strategy in place. Under normal operations, many of the disaster recovery services are not available. For example, the disaster recovery BGP peer is always down, so you want to exclude the peer from the “BGP peer(s) down” alert. To do that, define an exclusion pattern that matches the BGP peer for disaster recovery. 

From Knowledge Explorer, navigate to the “BGP peer(s) down” rule, click on OVERVIEW, and scroll to the bottom for the Excluded Patterns, click ADD NEW.

In this example, 10.11.94.61 will be excluded from all the Check Point devices. You can use a wildcard if you want to exclude multiple issue items that share the same prefix. For example, I can define 10.11.* using the same example. 

Regular security scanning Use Case

Besides the disaster recovery use case, this new capability enables other interesting use cases. Currently, Indeni alerts when there is a failed login attempt in /var/log/secure. The logs also provide the source IP address from which the failed login attempt originates. You can define that source IP address in the exclusion setting so the system does not trigger an issue. In most environments today, a scanner regularly attempts to SSH into devices on your behalf. This causes the alert to trigger, which is a false positive. By pre-defining the list of source IP addresses of these scanners, we can effectively enable scanning in your environment.
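To see what an exclusion pattern does to failed-login alerting, the following added example (not Indeni code) partitions the source IPs found in /var/log/secure-style lines into alerting and excluded items, and lists anything a pattern hides beyond the intended scanner. Wildcard matching is modeled with Python's fnmatch as an assumption, and the log lines, addresses and function names are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample lines in the usual sshd format found in /var/log/secure.
SAMPLE_LOG = """\
Jul  6 02:10:01 gw1 sshd[4121]: Failed password for admin from 10.11.5.10 port 51122 ssh2
Jul  6 02:10:03 gw1 sshd[4121]: Failed password for invalid user test from 10.11.5.10 port 51124 ssh2
Jul  6 02:14:40 gw1 sshd[4180]: Failed password for root from 10.11.7.20 port 40022 ssh2
Jul  6 02:15:12 gw1 sshd[4193]: Failed password for root from 203.0.113.45 port 33810 ssh2
Jul  6 02:16:00 gw1 sshd[4201]: Accepted password for admin from 10.11.7.20 port 40030 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def failed_login_sources(log_text):
    """Return the distinct source IPs of failed SSH logins, in first-seen order."""
    seen = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def split_by_exclusion(items, patterns):
    """Partition items into (alerting, excluded); patterns are exact or use '*'."""
    alerting, excluded = [], []
    for item in items:
        hit = any(fnmatchcase(item, p) for p in patterns)
        (excluded if hit else alerting).append(item)
    return alerting, excluded

def audit_patterns(items, patterns, known_scanners):
    """Excluded items that are not known scanners: what a pattern hides by accident."""
    _, excluded = split_by_exclusion(items, patterns)
    return [i for i in excluded if i not in known_scanners]

if __name__ == "__main__":
    sources = failed_login_sources(SAMPLE_LOG)
    scanners = {"10.11.5.10"}  # constructed scanner address (assumption)
    for pats in (["10.11.5.10"], ["10.11.*"]):
        alerting, _ = split_by_exclusion(sources, pats)
        hidden = audit_patterns(sources, pats, scanners)
        print(pats, "alerting:", alerting, "hidden non-scanners:", hidden)
```

In this model the exact entry suppresses only the scanner, while the `10.11.*` wildcard also suppresses failed logins from 10.11.7.20, which is why an audit of what each pattern covers is worth running before an exclusion is saved.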

NOTE: With the introduction of this new feature, we retire the ability to archive an issue item. The rationale is that you can use the new exclude capability to state that you don’t care about a specific issue item. If you change your mind later, you can update the exclusion settings from Knowledge Explorer. 

2. Specify a threshold for the number of issue items.

You may have deployed primary and secondary NTP servers in your environment. In some deployments, the secondary NTP address is only reachable when the primary has shut down. In this case, you only want to be notified if all the NTP servers are unreachable. With this release, you can define a custom rule as follows: 

By specifying Thresholds = 0, the system will only trigger an issue if all the NTP servers are unreachable.

3. OAuth 2.0 Authorization with ServiceNow

This feature lets you access your ServiceNow instance resources by obtaining a token rather than entering login credentials with each resource access request. For further information, see ServiceNow Integration.  

4. New Auto-Triage Elements for Check Point Devices

  • OSPF Neighbour down
  • Cluster Critical process (pnote problem) down

5. New Auto-Detect Elements for Check Point Management Servers

  • SNMPd process down 
  • Syslog service down

6. New & Enhanced Auto-Detect Elements for Palo Alto Networks Devices

  • New Auto-Detect Elements for Palo Alto Networks:
  • Enhancements for Palo Alto Network devices:
    • Track DP CPU usage at the plane level instead of core level
    • Ability to graph the rx/tx VPN tunnel interfaces
    • Ability to visualize bond interface utilization

Learn More

We invite you to upgrade to Indeni 7.3.1 or, if you are new to Indeni, download a free trial today. For more details on this release, visit our documentation page.



Ulrica de Fort-Menares is the Vice President of Product Management for Infrastructure Assurance.
