Incident

An incident comprises one or more related triggers. (Each trigger comprises one or more indicators that have been correlated.) Incidents are listed on the Incidents page, which shows information about the incident, including its basic details, along with runbook output data to assist you in identifying the incident's underlying cause.

Certain relationships cause triggers to be grouped into incidents:

  • A trigger by itself

  • Application

  • Location

  • Operating system

Alluvio IQ's default behavior is to group triggers into incidents only if they share two or more types of relationships. For example, two triggers will be grouped into an incident if they share both application and location, but not if they share only an application. However, you can override the system's default behavior and group triggers into incidents manually, or you can break incidents apart, based on your personal knowledge and judgment.
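The default grouping rule described above can be modeled as follows. This is an added example, not Alluvio IQ code. The field names, the sample triggers, and the assumption that grouping is transitive are all hypothetical.

```python
from itertools import combinations

# Relationship types the page lists (besides "a trigger by itself").
# The field names are assumptions made for this example.
RELATIONSHIP_TYPES = ("application", "location", "operating_system")
MIN_SHARED = 2  # default rule: two or more shared relationship types


def shared_types(a, b):
    """Return the relationship types on which two triggers have the same known value."""
    return [t for t in RELATIONSHIP_TYPES
            if a.get(t) is not None and a.get(t) == b.get(t)]


def group_triggers(triggers, min_shared=MIN_SHARED):
    """Group triggers into incidents using union-find.

    Assumption: grouping is transitive (if A pairs with B and B pairs with C,
    all three land in one incident). The page does not state this.
    """
    parent = {t["id"]: t["id"] for t in triggers}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(triggers, 2):
        if len(shared_types(a, b)) >= min_shared:
            parent[find(a["id"])] = find(b["id"])

    incidents = {}
    for t in triggers:
        incidents.setdefault(find(t["id"]), []).append(t["id"])
    return sorted(sorted(ids) for ids in incidents.values())


# Constructed sample triggers (not real product data).
SAMPLE = [
    {"id": "T1", "application": "crm", "location": "Boston", "operating_system": "Windows 11"},
    {"id": "T2", "application": "crm", "location": "Boston", "operating_system": "macOS"},
    {"id": "T3", "application": "crm", "location": "Austin", "operating_system": None},
    {"id": "T4", "application": "mail", "location": "Boston", "operating_system": "macOS"},
]

if __name__ == "__main__":
    for incident in group_triggers(SAMPLE):
        print(incident)
```

T3 shares only an application with the others, so it stays an incident by itself. T4 joins T1 only through T2, which is where the transitivity assumption matters.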