Manage alerts autonomously agentic workflow

Release version: Australia

Updated March 12, 2026

2 minutes to read

Summarize

Summarized using AI

Summary of Manage alerts autonomously agentic workflow

The Manage alerts autonomously agentic workflow leverages AI to streamline IT alert management by automating triage, impact analysis, root cause investigation, and reporting. It reduces resolution times by unifying these processes into a single, AI-driven workflow that enhances IT operations efficiency.

Show full answer Show less

Key Features

Automated Alert Triage: The workflow evaluates, categorizes, and analyzes alert history to identify noise patterns and update alert group descriptions.
Impact Analysis: It assesses the impact of alerts on services and users by examining recent incidents, cases, and service states using observability skills.
Root Cause Investigation: The AI agent retrieves and summarizes similar closed alerts, analyzes recent changes, related knowledge base articles, metrics trends, and log errors to uncover causal relationships and anomalies.
Contextual Insights: The workflow classifies alerts as proactive or reactive, provides failure scenario insights, and indicates potential consequences if alerts are not addressed.
Summarization and Reporting: It consolidates findings into clear, actionable summaries stored directly in alert records, including reasoning, evidence, confidence levels, and service health analyses.
Configurable and Extensible: Customers can duplicate and modify the workflow to tailor AI instructions and settings to their needs, ensuring alignment with organizational processes.

Key Outcomes

Improved Alert Management Efficiency: By automating routine tasks and providing AI-driven insights, the workflow reduces manual effort and accelerates alert resolution.
Enhanced Service Health Awareness: Integration with Service Observability dashboards offers detailed health analysis for services related to alerts.
Consistent and Informed Decision-Making: AI-generated summaries and evidence support clear understanding of alert significance and appropriate handling.
Ready-to-Use with Default Activation: This agentic workflow is enabled by default in ServiceNow, allowing immediate benefits with optional customization.

Enhance IT operations with AI-driven, autonomous alert management using the manage alerts autonomously agentic workflow.

Manage alerts autonomously agentic workflow overview

The manage alerts autonomously workflow introduces a unified AI-driven process that significantly streamlines alert management and reduces resolution times. This workflow supports alert management in the following ways:

Automates the triage
Impact analysis
Root cause investigation of IT alerts
Generates reports, summarizes key insights and possible next steps

For information on how to review key insights and data derived from the workflow in Express List, see Review AI generated alert information and insights in Express List.

For information about configuring this workflow, see Configure the manage alerts autonomously agentic workflow.

Use the information on this page to learn about the actions related to the manage alerts autonomously agentic workflow. To modify the workflow, you must duplicate it and adjust the settings according to your requirements. For more information, see Duplicate an agentic workflow.

Important:

When you modify an agentic workflow, AI agent, or tool, make sure that you update all instructions accordingly.

Manage alerts autonomously agentic workflow

The manage alerts autonomously agentic workflow uses the manage alerts AI agent to perform alert management and resolution tasks.

Table 1. AI agent used in the manage alerts autonomously agentic workflow
AI agent	AI agent role
Manage alerts AI agent	Investigates alerts, summarizes alert-related reports, and stores structured insights with key findings.

The manage alerts autonomously agentic workflow performs several actions in the course of the workflow. These actions may include the following:

Triages alerts
- Evaluates and categorizes alert
- Analyzes alert history to identify noise patterns
- Updates alert group description based on analysis
- Performs related incidents analysis to detect focal points and common closure patterns
Determines alert impact
- Evaluates impact on services
- Determines user impact by finding recent incidents or cases
- Uses observability skills for deeper service state validation
Investigates relevant information
- Retrieves and summarizes similar closed alerts
- Analyzes recent changes for causal relationships
- Summarizes related KB articles for relevant information
- Identifies trends or anomalies in related metrics
- Uncovers errors, exceptions, or warnings in related logs
- Analyzes non-primary log analytics alerts in an alert group to support investigation, including the following:
  - Classifies alerts as proactive or reactive, indicating emerging risk or an active issue
  - Assess if triage is required
  - Provides contextual insights, including potential failure scenarios and what may occur if the alert isn't addressed
Summarizes and stores information
- Consolidates findings
- Generates a final summary
- Saves the summaries in the alert record, such as
  - reasoning, evidence, and confidence level behind AI-driven investigation of alert significance and automatic closure of insignificant alerts, and
  - summaries of Service Observability dashboards to provide health analysis of each service associated with an alert. For more information see, Analyze service health in Service Observability.
- Provides clear, actionable insights

Important:

This agentic workflow is turned on by default. For more information, see Now Assist skills, agents, and agentic workflows on by default.