Monitoring and false positives: their impacts and how to minimise them with ServiceNav


First of all, what is a false positive?

A false positive is an alert that, after investigation, turns out to be a false alarm: an alert triggered when the monitored device is, in fact, operating as expected.

What are the impacts of false positives?

To understand the impact of false positives on an organization, one must look at the activities undertaken when processing an alert.

Consider an example from one of our customers:

  • An alert occurs on the monitoring dashboard.
  • The person responsible for monitoring receives the alert, opens a ticket through the integration with his ticketing tool, qualifies it in his ITSM and assigns it to the correct resolution group. Time of the operation: 3 min
  • The technician in charge of resolving the incident is notified of the new ticket, takes ownership of it, checks the monitoring platform (with a little luck, the false positive has already returned to the OK state and he can close the ticket), analyzes the error message raised by the monitoring, connects to the target device, carries out the necessary investigations … and finally concludes that it is a false positive. This finding results in a modification of the current monitoring configuration, closure of the ticket, and a return of the check to the OK state.

Incident finished, let’s move on to the next…

Total time of the operation: between 20 and 30 min, 2 people affected.

Cost of the operation: around 20 €

Imagine 20 false positives a day… that cost could be equivalent to one full-time employee!!

What solutions are there to limit false positives?

In ServiceNav, we implemented several solutions to limit false positives and allow teams to focus on real service-impacting events:

  • Customisable thresholds for each service
  • Additional checks for each host and service
  • A report to target the elements that trigger the most alerts

And as the ad would say: “And it’s not over…”

In the coming months, thanks to our BigData stack implemented since version 4.0, we will come forward with further innovative solutions to reduce false positives.

UK ServiceNav Product Development Manager; my priority is to be mindful of the particular requirements of all ‘English-speaking’ markets where ServiceNav is sold. I have over 20 years’ experience in the IT monitoring field, covering a wide variety of products and technologies.
