Correlate Alerts with Incident

The incident related alert types are now shown on the alerts as extra properties. The types are:

  • Responder: The responder alert for responder teams except for the owner team
  • Owner: The responder alert for owner team of the service.
  • Associated: The associated alerts that are rolled up under an incident

These extra properties can be used within the filters. The Alerts Page also shows the type of the alert on the UI (Responder/Owner).

πŸ“˜

Related alert types are only available for the accounts that have our Service-Aware Incident Management feature enabled.

Two or more existing Alerts sometimes turn out to be related β€”β€Š or warrant being handled together as an Incident, for other reasons. Therefore, combine (associate) Alerts to create an Incident. When Alerts are associated to create an Incident, you set communications (for Responders and Stakeholders) and Incident Priorities while you create the Incident.
Follow the instructions below to create an Incident by associating Alerts.

To associate alerts to create an incident

  1. On the Alerts Dashboard, in the Alerts list, click the checkboxes to the left of the Alerts that you want to associate.
  2. Click Incident options on the left, and then click Create Incident from [that number of] alerts.
489

A Create Incident window shows the Alerts you selected, along with additional information needed to create the Incident:

  1. Fill in the remaining fields.
  • Incident Name, Incident Message, and Impacted Service are mandatory fields.
  1. Click Create.

Associating Alerts with an Existing Incident

When you combine (associate) Alerts with an existing Incident, communications (Responders and Stakeholders) for the existing Incident remain the same, although Incident Priority may increase to the highest priority of the associated Alerts (if the box is checked to increase an incidents priority to the highest priority of the associated alerts in the incident template or during manual creation).
Follow the instructions below to associate existing Alerts with an existing Incident.

To associate alerts with an incident

  1. On the Alerts Dashboard, click the checkboxes to the left of the Alerts that you want to associate with an Incident.
    You can also select an Incident to associate with these Alerts, now, or you can select it later.
  2. Click Incident options on the left, and click Associate [that number of] Alerts with an Incident.
489

If an Incident is not selected with which to associate the Alerts, begin typing to search for an Incident:

228

If both the Alerts and the Incident with which you want to associate them with are listed, the Incident is already selected.

  1. Click Associate.
    Click the Incident in the Alert list, to see the Alerts on the Associated Alerts tab of the Incident Details page:
650

To disassociate or close alerts from an incident

  1. Access the "Incidents" tab.
  2. Select the desired Incident to dissociate/close alerts from. The Incident details page opens.
  3. Access the "Associated Alerts" tab.
1160
  1. Check the box next to the desired alert(s) to dissociate/close.
  2. Click Dissociate. Close these alerts via the Close button.

Associated & Responder Alert Behavior

For the Associated Alerts of an incident, the notification flow will be suppressed and only its owner/responder alerts will send notifications to the owner/responder teams.

When an incident is deleted:

  • Responder alerts are also deleted.
  • Nothing happens to Associated alerts, i.e., they remain at their current state.

When an incident is closed:

  • Responder alerts are also closed.
  • Nothing happens to Associated alerts, i.e., they remain at their current state.