Alerts in Incident Response

From creation to resolution, Incident Response enables you to manage your alerts through the entire alert life cycle.

Create alerts within Incident Response using different sources, such as:


Alerts are automatically grouped during ingestion and before Response rules are run. See Incident Response Automation.

The Assigned to and Responder list fields on an alert specify who should be notified. When a team is selected as a responder, team rules are checked to determine which schedule to use for the notifications. An alert can be assigned to multiple teams.

Responders and above are notified of updates to alerts based on their notification preferences, which are set in your Incident Response profile. If you made the update yourself, you are not notified. Stakeholders do not have notification preferences, so by default they are notified by email.

For more information on the areas and fields available in an alert, see Alert workspace.

Respond to an alert in the following ways:
  • Acknowledge an alert or group of alerts that require attention.
  • Update the priority of an alert.
  • Add responders to an alert.
  • Reassign an alert.
  • Promote an alert to an incident.
  • Tag an alert.
  • Manually group alerts.
  • Manually remediate the alert.
  • Add work notes to an alert.
  • Close the alert.
  • Reopen the alert.

Open alerts are automatically closed after 7 days.