Alerts in Incident Response

From creation to resolution, Incident Response enables you to manage your alerts through the entire alert life cycle.

Create alerts within Incident Response using different sources, such as:

Watch this quick video to know what you can do with alerts and incidents.

Alerts are automatically grouped during ingestion and before Response rules are run. See Automatic alert grouping in Incident Response.

The Assigned to and Responder list fields on an alert specify who should be notified. When a team is selected as a responder, team rules are checked to determine which schedule to use for the notifications. An alert can be assigned to multiple teams.

Responders and above are notified for updates to alerts based on their notification preferences. If you made the update, you won't be notified. Your profile in Incident Response. Stakeholders do not have notifications preferences, so they are sent an email, by default.

For more information on the areas and fields available in an alert, see Alert workspace.

Respond to an alert in the following ways:
  • Acknowledge an alert or group of alerts that require attention.
  • Update the priority of an alert.
  • Add responders to an alert.
  • Reassign an alert.
  • Promote an alert to an incident.
  • Tag an alert.
  • Manually group alerts.
  • Manually remediate the alert.
  • Add work notes to an alert.
  • Close the alert.
  • Reopen the alert.

Open alerts are automatically closed after 7 days.

On Monday at 7:00AM (local time) each week, one week-in-review email is sent to the assigned team manager indicating team performance. Another email is sent to the responder and manager indicating their own work.

Week in Review for Responders and Managers contains information on services, shifts, and teams created by you. And alerts or incidents assigned to or closed by you. A comparison to the previous week is included.

Week in Review for Team Managers contains information on services, shifts, and teams created by your team. And alerts or incidents assigned to or closed by your team. A comparison to the previous week is included.

Use Notification preferences > Other notifications in your profile to change these settings.