Declare an incident

Declare an incident in ilert from scratch or from an alert, and link the alerts that contributed to it.

There are two ways to declare an incident: from scratch, or from an existing alert. Either way, the incident starts in the Declared status and you can begin coordinating immediately.

Declare an incident from scratch

Declare an incident from scratch when the issue is not tied to an alert—for example a customer-reported problem, a third-party outage, a security event, or a response exercise.

1

Open the declare dialog

Go to Incidents in the main navigation and click Declare incident.

2

Fill in the incident details

The Declare incident dialog
Declaring an incident from scratch
Field
Required
Description

Title

Yes

A short, internal description of what is happening. It is never shown publicly.

Severity

Yes

The business impact of the incident. Defaults to SEV3.

Summary

No

What is known so far and what is affected. You can draft it with the ilert AI button.

Affected services

No

The services impacted by the incident, each with an impact level.

Create incident channel

No

Connect a chat channel for real-time coordination.

3

Declare the incident

Click Declare incident. The incident is created and opens in the incident view, ready for you to page responders and track the response.

Declare an incident from an alert

When an alert reveals an issue that needs coordinated response, declare an incident directly from it. Open the alert and click Declare incident.

Declaring an incident from an alert
Declaring an incident from an alert

The dialog is pre-filled from the alert so you can declare in seconds:

  • The title is taken from the alert title.

  • The summary is generated from the alert details.

  • Affected services are pre-selected from the alert's related services—you set the impact level for each.

  • The alert is linked to the incident, and its responders are added to the incident.

If the alert has an escalation in progress, that escalation continues on the incident, so the people already being paged are not lost.

Linking alerts to an incident

Linking tells ilert which alerts contributed to an incident. It keeps the noise of individual alerts out of the way while the incident becomes the single place to coordinate.

The alert you declare an incident from is linked automatically. To link more alerts, open the incident and click Link alert in the Linked alerts section.

When an alert is linked to an incident:

  • the alert's status changes to Linked;

  • its escalation stops—the incident now owns the response;

  • its responders are added to the incident;

  • it resolves automatically when the incident is resolved.

An alert can be linked to only one incident at a time.

Unlinking an alert

If an alert was linked by mistake, open the incident and click Unlink next to it. The alert returns to the Accepted status. Its escalation does not resume automatically—if the alert still needs attention, re-trigger escalation on the alert.

Affected services and impact levels

Affected services record which business capabilities an incident is impacting, each with an impact level such as Degraded or Major outage.

Setting or changing affected services on an incident updates ilert internally—it is reflected on internal dashboards and on the incident itself. It does not change anything your customers see.

The public status of a service changes only when you post a status update. This keeps you in control of what is communicated, and when.

Last updated

Was this helpful?