Managing Incidents

Current incidents A collection of one or more related triggers. Relationships that cause triggers to be combined into incidents include application, location, operating system, or a trigger by itself. are listed on the Incidents page. Click an incident in the list to see its details. Use the tools on the Incident Details page to monitor the incident until you're able to change its status The current state of an incident or runbook, indicating its progress through investigation and resolution workflows. to Closed or Dismissed.

On the Incident Details page, you can:

• Change the incident's status: New, Investigating, On Hold, Closed, or Dismissed.

• View the impact Uniform Resource Locator. The address used to access resources on the internet, such as webhook endpoints or API endpoints for runbook automation. summary for the incident: How many users, locations An entity type representing physical or logical locations in the customer environment where entities are deployed and monitored., and applications An entity type representing software applications deployed in the customer environment that are monitored for performance and anomalies. does it affect?

• Add a note to the incident to document its cause and how it is being addressed.

• View the incident's Activity Log, which lists all the detections One or more indicators that are correlated and may act as a trigger for incident creation or runbook execution. and user actions associated with it.

• Share the incident with other users by copying the link to the incident details and pasting it into a message of your choice.

• View the latest runbook An automated workflow that executes a series of steps or tasks in response to a triggered event, such as the detection of anomalous behavior generating an incident, a lifecycle event, or a manually executed runbook. analysis of the incident.