Alerts in Incident Response
From creation to resolution, Incident Response enables you to manage your alerts through the entire alert life cycle.
Alerts can be created through the following:
- Incoming or bi-directional integrations
- Inbound REST Alert Creation APIs
- Inbound emails
- CLI command
  See Command Line Interface for Incident Response for more information on this feature.
- Manually create an alert
Alerts are automatically grouped during ingestion and before Response rules are run. See Incident Response Automation.
The Assigned to and Responder list fields on an alert specify who should be notified. When a team is selected as a responder, team rules are checked to determine which schedule to use for the notifications. An alert can be assigned to multiple teams.
If the Service is changed and the new Service does not have an assigned team, no changes occur.
When a Service is deleted, its integrations, alerts, incidents, and automation rules are removed. This action is not recoverable, so consider deactivating the service instead.
Responders and above are notified of updates to alerts based on their notification preferences. If you made the update, you won't be notified. See Profile management. Stakeholders do not have notification preferences, so they are sent an email by default.
For more information on the areas and fields available in an alert, see Alert workspace.
You can take the following actions on an alert:
- Acknowledge an alert or group of alerts that require attention.
- Update the priority of an alert.
- Add responders to an alert.
- Reassign an alert.
- Promote an alert to an incident.
- Tag an alert.
- Manually group alerts.
- Manually remediate the alert.
- Add worknotes to an alert.
- Close the alert.
- Reopen the alert.
If there have been no updates, open alerts are automatically closed after 7 days. Closed alerts are automatically deleted after 90 days.