Incident Response alert states

Alert can be in a few different states depending on how they are acted on.

An alert is created in Incident Response when a third-party monitoring tool has an event. Alerts can be manually or automatically assigned. An alert is either Open or Closed. You can edit actions from either the Alerts list or the Alert form. Use the Save button in the form to keep any changes you've made. Changes to Alerts in the list view are automatically saved.

If there have been no updates, open alerts are automatically closed after 7 days. Closed alerts are automatically deleted after 90 days.

Table 1. Alert actions
State	Description
Open: Unacknowledged	State on alert creation. From this state you can: Acknowledge Assign this alert to yourself to start investigating. Add Responder Add another responder to the alert.
Open: Acknowledged	Triggered by the Acknowledge choice. From this state you can: Unacknowledge If you are busy or can't work on it, this choice returns the alert to being unassigned. Close Closes the alert. Reassign For a responder: Reassigns the alert to someone else in your assignment group. For a manager: Reassigns the alert to anyone. Reassign team (Only available from the Alert form.) Reassigns the alert to your team. Add Responder Add another responder to the alert.
Closed	Triggered by choosing Close. From this state you can: Reopen Reopens the alert in an unacknowledged state.