Alerts in Incident Response
From creation to resolution, Incident Response enables you to manage your alerts through the entire alert life cycle.
- Incoming or bi-directional integrations
- Inbound REST Alert Creation APIs
- Inbound emails
- CLI command
See Command Line Interface for Incident Response for more information on this feature.
Alerts are automatically grouped during ingestion and before Response rules are run. See Automatic alert grouping in Incident Response.
The Assigned to and Responder list fields on an alert specify who should be notified. When a team is selected as a responder, team rules are checked to determine which schedule to use for the notifications. An alert can be assigned to multiple teams. Responders are notified according to their notification preferences. Your profile in Incident Response.
For more information on the areas and fields available in an alert, see Alert workspace.
- Acknowledge an alert or group of alerts that require attention.
- Update the priority of an alert.
- Add responders to an alert.
- Reassign an alert.
- Promote an alert to an incident.
- Tag an alert.
- Manually group alerts.
- Manually remediate the alert.
- Add work notes to an alert.
- Close the alert.
- Reopen the alert.
Open alerts are automatically closed after 7 days.
On Monday at 7:00AM (local time) each week, one week-in-review email is sent to the assigned team manager indicating team performance. Another email is sent to the responder and manager indicating their own work.
Week in Review for Responders and Managers contains information on services, shifts, and teams created by you. And alerts or incidents assigned to or closed by you. A comparison to the previous week is included.
Week in Review for Team Managers contains information on services, shifts, and teams created by your team. And alerts or incidents assigned to or closed by your team. A comparison to the previous week is included.
Usein your profile to change these settings.