Log in to Lightstep Incident Response.

On the left navigation pane, select Alerts.

Note: Initially, the alerts page is empty, until you ingest alerts from a third-party integration or manually create an alert. See Manually create an Incident Response alert for detailed information.

See Integrations in Incident Response for more information on setup and ingestion.

View the alerts list.

The alert list view can be sorted in order by:

Priority (asc)
Priority (desc)
Number (asc)
Number (desc) - Default

You can filter the listings using the Filters button in the header.

Note:

Filters for the same fields evaluate as AND, filters for different fields evaluate as OR. For example, if you filter for Priority and State is Open, the filter evaluates as P1-Critical OR P2-High OR P3-Moderate AND State Open.

If you select Alerts in the left navigation, Filters defaults to all Open alerts for everyone, and Open and My team for responders and above. If you use the back arrow button in your browser, the filter choices are retained.

Activate the Actions menu to perform bulk acknowledge, promote, close, or group actions using the list check boxes. Alert check box

The Actions list menu gives you options for them.

See Manually group Incident Response alerts for more information on grouping alerts and their results.

See Promote an Incident Response alert to an incident for more information on promoting alerts and their results.

Optional: Select the information icon

to the left of an alert for a preview.

The fly-out screen contains the alert header including tags, Details, and Activity areas of the alert. See Alert workspace for more information on those fields. Alt text for alert-flyout-3.2.png

The More actions menu in the fly-out contains all the same options as the Alert form as well as Show full details which opens the full alert form.

You can edit the Service, Priority, Assigned team, Assigned to, or Incident fields.

Select an alert in the alert list view.

The alert form contains not only the information related to the alert but options to search for further information and take actions. See the following example of an acknowledged alert.

Only an acknowledged alert can be promoted to an incident. See Promote an Incident Response alert to an incident for more information.

Once you acknowledge it, the alert is assigned to you and you can:

Promote to Incident: (hidden if there is already an incident).
Close: Closes the alert.
Save: Saves all changes.
From the More actions menu, you can:
- Unacknowledge: Unassigns the alert.

Select the Related alerts tab to view any alerts associated with this alert.

Alert information is copied from the alert record.

See Alert workspace for information on specific fields. See Incident Response Automation for information on alert grouping.

Select the Response rules tab to view any response rules associated with the alert.

See Incident Response Automation for more information on response rules.

View the Compose panel to add Work notes.

View the Alert timeline panel for system activity including Work notes.

Note: When an automation rule updates an alert, the rule is identified in the timeline.

Add or view attachments using the

icon in the upper right of the Attachments panel. This icon opens or hides the column.

View the Collaboration panel using the collaboration icon

. This icon opens or hides the column.

Start or join an available Zoom meeting.
Start or join an available Slack channel.
Add responders to the alert.

See Alert workspace for more information on each of the actions listed.

View the Helpful links panel using the helpful links icon helpful links icon. This panel contains links defined on the affected service for this record.

See Alert workspace for more detailed information.

View an Incident Response alert

Before you begin

Procedure