Intelligent alert reduction in a backup and recovery activity monitoring system

What is claimed is: 1. A computer-implemented method of monitoring performance metrics of a computer network, comprising: defining key performance indicators (KPIs) for the performance metrics of the computer network; collecting performance data for each of the KPIs; defining one or more threshold values for each of the key performance indicators; defining a detection policy to define abnormal performance used to detect abnormal performance based on the threshold values and generate alerts comprising messages sent to one or more users for detected abnormal performance, wherein the threshold values comprise two different threshold values, and wherein a warning notification is generated and sent to the user upon a KPI value exceeding a first threshold value but not a second threshold value, and a critical notification is generated and sent to the user upon a KPI value exceeding the second threshold value; receiving data regarding user response to the alerts; using the received data to modify generation of future alerts for the defined detection policy; displaying each past alert of a plurality of past alerts along an axis in order of increasing severity of system events generating the alerts; displaying the threshold values as user interface (UI) based markers on axis; and changing the threshold values in response to a user moving the UI based markers along the axis. 2. The method of claim 1 wherein the alerts are generated for network events comprising at least some normal system events and alert condition events, the method further comprising sending a notification to a user upon each instance of the detected abnormal performance. 3. The method of claim 2 wherein the user response comprises an acknowledgement of each alert, and wherein the alerts comprise at least one of a normal alert indicating a normal event where no fix is necessary, a false positive alert indicating an actionable event where no fix is necessary, a fixed alert indicating an actionable event fixed by the user, and an unresolvable alert indicating an actionable event not fixed by the user. 4. The method of claim 1 further comprising changing the threshold values in response to a user specifying a defined time period for application of the detection policy. 5. The method of claim 1 further comprising consolidating acknowledged alerts into a subset of alerts based on alert type within a range of severity. 6. The method of claim 1 wherein the key performance indicators include at least some of: CPU utilization, memory usage, number of restores on an asset, data throughput, disk input/output (I/O) operations, backup duration, deduplication ratio, amount of backup data, recovery to unique location, and further wherein the notifications are sent to the user through a notification service or a user interface service as at least one of: an e-mail message, a short text message, a social network message, and a web browser based message. 7. The method of claim 1 wherein the computer network comprises a backup server executing a backup operation to store and recover data generated by data sources operated by the user, and wherein the threshold values are selected to meet Service Level Agreement terms from a system provider to the user, and wherein an asset comprises a dataset desired to be backed up by the user comprising at least one of: a file, a directory, a file system, and a database; and further wherein the key performance indicators are divided into subsystem or metadata types, including asset metadata, network metadata, backup metadata, and user customized metadata. 8. A computer-implemented method of reducing alerts in a backup and recovery activity monitoring system, comprising: collecting performance data for key performance indicators for defined metrics collected upon completion of an application on the system; defining an anomaly detection policy to define abnormal performance of the computer network using defined threshold values for each of the key performance indicators, wherein the policy comprises an algorithm applied to one or more assets of the network, and one or more notification rules; generating an alert applying the notification rules to a user for each abnormal performance event defined by the threshold values; receiving responses to each alert for a plurality of past abnormal performance events; displaying to the user the received user responses in a graphical user interface (GUI); providing GUI-based threshold markers showing the threshold values relative to each alert; and changing the threshold values in response to user manipulation of the threshold markers. 9. The method of claim 8 further comprising: applying the anomaly detection policy for the asset to the collected performance data to detect abnormal performance; sending the alert to the user as a notification upon an instance of the detected abnormal performance; and prompting to user to describe action taken in response to the alert. 10. The method of claim 9 further comprising changing the threshold values in response to a user specifying a defined time period for application of the detection policy. 11. The method of claim 9 further comprising consolidating acknowledged alerts into a subset of alerts based on alert type within a range of severity. 12. The method of claim 9 wherein the alerts are generated for network events comprising at least some normal system events and alert condition events, the method further comprising sending a notification to a user upon each instance of the detected abnormal performance. 13. The method of claim 12 wherein the user response comprises an acknowledgement of each alert, and wherein the alerts comprise at least one of a normal alert indicating a normal event where no fix is necessary, a false positive alert indicating an actionable event where no fix is necessary, a fixed alert indicating an actionable event fixed by the user, and an unresolvable alert indicating an actionable event not fixed by the user. 14. A system for monitoring performance metrics of a computer network, comprising: an agent running in a host system containing assets to be protected, and collecting performance data for key performance indicators defining certain metrics of the network, the assets, and an application processing the assets; a key performance monitoring service running on a data protection system coupled to the host system and generating key performance indicator events from the collected performance data from the agent; an anomaly detection service running on a data protection system coupled to the host system detecting anomaly alerts from scans triggered by key performance indicator events received from the key performance monitoring service; a notification service generating an alert applying the notification rules to a user for each abnormal performance event defined by the threshold values, and prompting to user to describe action taken in response to the alert; and an alert tracking component receiving responses to each alert for a plurality of past abnormal performance events, displaying to the user the received user responses in a graphical user interface (GUI), providing GUI-based threshold markers showing the threshold values relative to each alert, and changing the threshold values in response to user manipulation of the threshold markers. 15. The system of claim 14 wherein the alert tracking component further changes the threshold values in response to a user specifying a defined time period for application of the detection policy. 16. The system of claim 14 wherein the alert tra