Triage and analyze alerts agentic workflow

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Triage and analyze alerts agentic workflow

    The triage and analyze alerts agentic workflow in ServiceNow uses AI agents to assist in preliminary alert management tasks, including triage, investigation, and analysis. This workflow helps streamline alert handling by automating acknowledgment, assignment, summarization, and investigation of alerts and related incidents to determine their significance and potential resolutions.

    Show full answer Show less

    This workflow is accessible via the Now Assist panel and supports both individual alerts and alert groups. Role masking and security controls ensure that the workflow operates within defined user privileges and access settings. To customize the workflow, customers must duplicate it and update AI agent instructions accordingly.

    AI Agents and Their Roles

    The workflow leverages a team of specialized AI agents, each handling specific aspects of alert processing:

    • Alert handling AI agent: Manages alert acknowledgment, assignment, and keeps alert records current.
    • Alert analysis AI agent: Performs detailed alert analysis and updates alert descriptions when needed.
    • Alert history analysis AI agent: Reviews past alert occurrences to evaluate their significance and closes alerts when appropriate.
    • Related incidents analysis AI agent: Examines past incidents to identify assignment patterns and summarizes resolution notes.
    • Alert verification AI agent: Checks data completeness and determines if an alert is suitable for further analysis.

    Practical Considerations for Customers

    • Use the workflow to efficiently triage and analyze alerts, reducing manual effort and improving consistency in alert resolution.
    • Ensure appropriate security controls and roles are configured to grant access to the workflow and related AI agents.
    • Modify the workflow by duplicating it and updating AI agent instructions to suit specific organizational requirements.
    • Utilize the Now Assist panel as the primary interface for interacting with the workflow and its AI agents.

    Use the triage and analyze alerts agentic workflow to complete preliminary alert tasks and analysis for alerts.

    Triage and analyze alerts agentic workflow overview

    The triage and analyze alerts agentic workflow uses AI agents to support alert triage, investigation, and analysis. AI agents can perform the following functions:
    • Acknowledge alerts.
    • Assign alerts to individual users and assignment groups.
    • Summarize alert and alert group data to create a human-readable description and add technical analysis.
    • Investigate relevant past incidents to analyze the significance of the alert and present options for resolution.
    Note:
    These functions can also be used for the origin alert of an incident when the workflow is accessed from the incident form or Express List using the Now Assist panel.

    Role masking enables users to limit the roles and privileges of agentic workflows during tool execution. Agentic workflows and their AI agents that get installed with Now Assist applications are assigned pre-defined roles. If you select Users with specific roles for user access, you must configure the security controls to include these roles. Data access settings must also include these roles. For the instructions to change the security controls, see Define security controls for an agentic workflow.

    Use the information on this page to learn about the agents related to the triage and analyze alerts agentic workflow. To modify the triage and analyze alerts agentic workflow, you must duplicate it and adjust the settings according to your requirements. For more information, see Duplicate an agentic workflow.

    Important:
    When you modify an agentic workflow, AI agent, or tool, make sure that you update all instructions accordingly.

    Triage and analyze alerts agentic workflow

    Acknowledge, assign, and investigate current and past alerts to determine significance and possible resolutions.

    To access the agentic workflow, use the Now Assist panel. For more information about using the agentic workflow in the Now Assist panel, see Now Assist panel.

    AI agents used in the triage and analyze alerts agentic workflow

    The triage and analyze alerts agentic workflow uses a team of AI agents to perform preliminary tasks and support alert resolution.

    Table 1. AI agents used in the triage and analyze alerts agentic workflow
    AI agent AI agent role
    Alert handling AI agent Assign, acknowledge, and maintain an up-to-date alert record.
    Alert analysis AI agent Perform alert analysis, and update alert description, when applicable.
    Alert history analysis AI agent Analyze past occurrences, assess its significance, and close the alert when applicable.
    Related incidents analysis AI agent Analyze past incidents and provide insights on common assignments and summarized resolution notes.
    Alert verification AI agent Assess data completeness and determine whether the alert is suitable for analysis.