Manually ungroup an Incident Response alert

Sometimes, alerts you thought were similar aren't. You can remove a grouped alert record from the primary alert.

Before you begin

Grouped alerts are displayed under the primary alert in the alert list view, and you can see a count of related alerts. This task removes an alert from the related list under the primary alert and updates the primary and any related lists.

Role required: Responders, managers, and administrators

Procedure

Log in to Incident Response.
On the left navigation pane, click Alerts.
Open the primary alert you want to remove a related alert from.
Select the Related alerts tab.

From the list menu, you have two choices, the Remove alert button

, or the Remove alert icon

Option	Description
Remove alert button	This button becomes available in the header when you choose the alert by clicking the check box next to it. If you had more than one alert to remove, this option lets you choose multiple alerts and remove them all at once.
Remove alert icon	You can use the icon directly by clicking on it in the related list view row. This option is useful for single removes.

Confirm your selection in the pop-up.
- The related alert is removed from the related list on the primary alert and returned to the primary alert's Details view.
- The oldest, highest severity related alert becomes a primary alert in the list view, if any alerts are left.
- Elapsed time, impacted time calculations on the ungrouped related alert go back to what they were.
- No changes to the collaboration channels.
- No change in state.
- Re-assigns assigned-to, assignment-group fields accordingly.