Situational Awareness across your Production Stack.

Incident.MOOG is a next generation approach to event management driven by real-time machine learning to detect anomalies across your production stack of applications, infrastructure and monitoring tools. This gives Dev and Ops teams a single pane of glass and unique operational insight, so they can detect issues in seconds, troubleshoot in minutes, and give business users a superior level of service.

Product Overview

Incident.MOOG acts like a Manager of Managers (MoM), applying machine learning analytics to the growing volume of real-time events and alert streams generated by your entire production stack, turning it into early, actionable insight for support teams to collaborate and resolve problems faster, well before customers or users complain.

Incident.MOOG Capabilities

Incident.MOOG delivers Situational Awareness across your entire production stack using the following capabilities:


Agile Event Reduction

Incident.MOOG reduces event and alert storming by up to 99% using our patent-pending machine learning algorithms which analyze, de-dup, blacklist and turn events into actionable data.

Real-Time Anomaly Detection & Contextualization

Our patent-pending machine learning algorithms also inspect event variables in real-time to assess how “surprising or abnormal” an event is, and how it relates to other events, so we can create insightful “Situations”, a contextualized event narrative to share across your Dev and Ops teams.

Situation Room Based Workflow

Our Situation-based approach to incident management streamlines the remediation workflow, because by working with “Situations” instead of single events, it is easier to see how incidents are unfolding and their likely root causes.

Production Workbench

Our family of integration adapters and APIs allows Incident.MOOG to rapidly ingest events from ALL your applications, infrastructure, and tools such as Splunk, Nagios, SolarWinds, New Relic, AppDynamics and Dynatrace, as well as launch bi-directional communications with tools like ServiceNow, BMC Remedy, and Jira. This ecosystem of integration partners allows Incident.MOOG to act as a Manager of Managers (MoM) and provide a truly complete view of your entire product stack in days rather than months.

Situation Scoring & Knowledge Recycling

Many outages, slowdowns and P1s are a result of recurring incidents that have happened in the past. For every new Situation, Incident.MOOG compares its event narrative to past Situations and presents a list of those with significant degrees of similarity. This automation helps Ops to resolve and restore recurring incidents faster, with immediate access to past Situations, root causes and resolutions where knowledge was successfully used.

Closed Loop Remediation

Our MooBots allow teams to automate remediation or trigger actions across their ecosystem of management tools. For example, Incident.MOOG can auto-ticket incidents within ServiceNow. ChatOps capabilities are also embedded inside Incident.MOOG so teams can execute scripts or commands to remediate problems across their infrastructure.

Technical Overview

Get ahead of the scale and dynamism of events emitted by modern IT. Automatically detect “unknown unknowns” that other tools can’t.

Remediate faster by focusing on fewer, real situations: see clusters of related alerts with full context, all in one place, so you can act earlier.

Send all event data to Incident.MOOG from any infrastructure element, monitoring tool, legacy event manager, automation tool and even Twitter feeds.

Sitting between your IT systems monitoring and service management tools, Incident.MOOG employs a flexible, modern and open software design that scales to the largest and most demanding IT environments.

Solutions Use Cases

Financial, Healthcare, Manufacturing & Gov

Your legacy event manager can no longer keep up with the rate of change and volume of events that characterize modern IT environments.

Media, e-Commerce, Software & SaaS

Business growth, continuous innovation, and DevOps are forcing you to automate incident management, and add situational awareness for all.

Infrastructure, Cloud, Application Hosting

The cloud is evolving your customer requirements and your services; now you must redefine operational support and service assurance.

Wireless, M2M/IoT, Fixed and Cable

The advent of software-defined infrastructures using SDN and NFV is forcing you to rethink operational support and service assurance.

Enterprise / Service Provider Ready


– Bi-directional REST API
– 90+ Vendor Integrations
– Any Data Feed / Format


– In-Memory Analytics
– Real-Time Machine Learning
– Up to 80,000 events/sec


– On-Premise Deployment
– SaaS Hosted Deployment
– Private Cloud Deployment

Role Based

– Single Sign-On
– Team Collaboration
– Knowledge Sharing

Frequently Asked Questions (FAQ)

Why do I need Moogsoft’s solutions?

If you care about your customers' experience and your business success depends on application and infrastructure availability, you need Moogsoft. As you move toward adopting cloud or other elastic compute technologies to increase your agility, your need for Moogsoft becomes increasingly acute due to the fundamental gap in legacy systems’ ability to adapt in dynamic environments.

Why was Moogsoft founded?

Moogsoft was founded by Phil Tee and Mike Silvey to bring sorely needed innovation to service management and thereby enable IT operations to meet the challenges of the 21st century service economy. More than 20 years ago, Phil Tee invented Netcool (now known as IBM Tivoli Netcool) and Mike Silvey brought it to market. Now they are delivering the next-generation solution that is long overdue.

What is Moogsoft’s primary business?

Moogsoft, Inc. is a privately held software and solutions firm headquartered in San Francisco, CA with additional offices in Surbiton, UK (London) and Hoboken, NJ (NYC area).

Can I customize Incident.MOOG?

Yes. Incident.MOOG can be customized using JavaScript (JSON is the preferred format) as well as WinSocket. Incident.MOOG leverages advanced analytics which are comprised of multiple sets of patented machine learning algorithms, carefully developed and tested over several years’ time. Incident.MOOG does allow for customization via open APIs.

Do I need to deploy agents or other types of data-collecting software in order to run Incident.MOOG support?

No. Incident.MOOG uses an agentless approach to tap into your existing data feeds, and does not require any additional software or configuration of your event streams.

What types of data feeds are supported by Incident.MOOG?

Incident.MOOG has over 90 integrations that analyze SNMP traps, log files, syslog, APM events and basically any textual data that has clearly defined fields. At customer sites today, Incident.MOOG is processing millions of events per day in these formats as well as feeds from numerous other sources including IBM Tivoli Netcool, BMC Event Manager, Microsoft System Center, SolarWinds (network devices, Windows and VMware), Nagios, Gomez, log files from NetApp filers and many more.

What are the options for deploying Incident.MOOG?

Incident.MOOG is available for trial as on-premise software, a hosted SaaS solution or a packaged private cloud image (e.g. AWS).

How does Incident.MOOG fit into the Information Technology Infrastructure Library (ITIL) methodology?

Incident.MOOG is unique in that it empowers the ITIL processes of incident management and problem management to be robust and effective in production, even if the configuration management database (CMDB) is incomplete. Incident.MOOG leverages ITIL processes and documentation that may exist in the enterprise while continually adapting to changes that may not be documented.

Where can I find out more information about Incident.MOOG?

Send us an email at or fill out our contact form to arrange a phone call with a member of Team Moogsoft.

What hardware do I need to support Incident.MOOG?

A typical on-premise installation requires two Intel servers each with 64GB RAM, running MySQL and Apache and a 2TB disk. Moogsoft also has hosted SaaS and private cloud (e.g. AWS) deployment options.

How is Incident.MOOG different than Splunk, Sumo Logic, etc.?

Splunk and its various add-ons apply an individual algorithm to index and analyze log file data after the events and incidents have occurred. These tools are very useful in forensic analysis and can illuminate what has occurred historically in large IT infrastructures. To the extent that the infrastructure doesn’t change, this analysis may also be useful in predicting some future scenarios (disk full, etc.). However, these tools do not work in real time and they cannot process millions of events per day to detect problems as they unfold. Splunk, Sumo Logic, etc. can function as a data feed to Incident.MOOG.

How is Incident.MOOG different than Netcool?

Netcool and similar systems (BMC Event Manager, Boundary, Monolith, etc.) utilize simple time-based evaluation of alerts, processing them one at a time and ranking them using static rules and severity levels. Incident.MOOG is different in that, in addition to looking at time sequence, Incident.MOOG also applies advanced analytics (multiple types of algorithms) to derive meaningful associations between alerts, grouping them into Situations. Incident.MOOG continually interprets and enriches the event stream, building context from historical data while re-evaluating incoming telemetry to present a much more actionable view across IT silos and joint-vendor supply. Incident.MOOG then supports informed collaboration using Facebook Wall-like Situation Rooms to engage the appropriate stakeholders to solve problems faster.

How does Incident.MOOG compare to other IT operations support tools?

In the words of Phil Tee, inventor of Netcool and Incident.MOOG, “Incident.MOOG is what Netcool would have been, had Netcool been invented today instead of in 1993.” Incident.MOOG combines real-time event processing with big data analytics and social networking to transform incident management.

How does Incident.MOOG work?

Incident.MOOG leverages machine learning and analytics to transform a raw stream of events into meaningful clusters of alerts (“situations”) which represent incidents as well as cause and impact. Incident.MOOG leverages social collaboration (the Situation Room) to push-notify the appropriate stakeholders (notifying both the responder and impacted parties) so they detect and troubleshoot incidents as a team, thus reducing Mean-Time-To-Detect (MTTD) and Mean-Time-To-Resolution (MTTR).

What products does Moogsoft offer?

Moogsoft’s flagship product is Incident.MOOG. Incident.MOOG combines real-time event processing with big data analytics and social networking to transform incident management.