Manually group Incident Response alerts

Alerts you think are similar can be grouped so that you can focus your efforts on the primary alert. Once closed, the related alerts are automatically closed.

Before you begin

The oldest of the highest severity alerts becomes the primary alert, and the rest become related alerts.

Grouped alerts are displayed under the primary in the alert list view, and you can see a count of related alerts.
Note: Once you group alerts, you can ungroup them. See Manually ungroup an Incident Response alert.

Role required: Responders, managers, and administrators

Procedure

  1. Log in to Lightstep Incident Response.
  2. On the left navigation pane, click Alerts.
  3. In the list view: Select the alerts you want to group by checking the box to the left of the alert.
    Select alerts to group
  4. From the Actions menu: Select Group alerts.
    Group alerts
  5. Confirm your selection in the pop-up.

    To open a related alert from the Related Alerts tab, click the alert in the Number & Description column.