
# Incidents

Incidents reflect events that, after being processed, generate alerts and are linked to specific correlation rules. On the initial dashboard, <mark style="color:green;">a graph displays the incidents opened in the last 24 hours by severity</mark>, along with a general overview of incident status and a paginated list.

Users can filter incidents by severity, responsible analyst, status, creation date, update date, or search by the name or ID of the incident. <mark style="color:green;">The default view lists urgent incidents in an optimized manner, without predefined filters or sort orders.</mark>

<figure><img src="/files/2s2IZ1yTkqaOuk7y8dih" alt=""><figcaption><p>Overview Incidents Dashboard</p></figcaption></figure>

{% hint style="warning" %}
The prioritization in the list follows a standard: incidents with 'NEW' status and the shortest remaining SLA time are shown first, followed by those that had interactions with MSS/Company, and finally, the rest are listed by ID in descending order.
{% endhint %}

A color palette indicates special situations:

* Red: SLA exceeded.
* Yellow: SLA about to be exceeded (within 1 hour).
* Green: Incident with a new unread interaction.

<figure><img src="/files/LL0gOrQfOLqSxhJ5clvE" alt=""><figcaption><p>Incident Table Order</p></figcaption></figure>
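The ordering and color rules above can be reproduced on exported incident data, for example to check a triage queue outside the dashboard. This is an added example, not the platform's own code: the field names, status strings, the ordering inside the interaction tier, and the color precedence are all assumptions.

```python
from datetime import timedelta

# Constructed sample incidents. Field names and status strings are assumptions
# for illustration; they are not the platform's export schema.
SAMPLE = [
    {"id": 101, "status": "PENDING", "sla_left": timedelta(hours=5), "interaction": False, "unread": False},
    {"id": 102, "status": "NEW", "sla_left": timedelta(minutes=30), "interaction": False, "unread": False},
    {"id": 103, "status": "NEW", "sla_left": timedelta(minutes=-10), "interaction": False, "unread": False},
    {"id": 104, "status": "UNDER TREATMENT", "sla_left": timedelta(hours=3), "interaction": True, "unread": True},
    {"id": 105, "status": "PENDING", "sla_left": timedelta(hours=8), "interaction": False, "unread": False},
    {"id": 106, "status": "NEW", "sla_left": timedelta(hours=4), "interaction": True, "unread": False},
]


def priority_key(inc):
    """Sort key for the three tiers described in the hint above."""
    if inc["status"] == "NEW":
        # Tier 0: NEW incidents, least remaining SLA first (negative = exceeded).
        return (0, inc["sla_left"].total_seconds(), -inc["id"])
    if inc["interaction"]:
        # Tier 1: incidents with an MSS/Company interaction.
        # Ordering inside this tier is not documented; ID descending is assumed.
        return (1, 0.0, -inc["id"])
    # Tier 2: everything else, by ID descending.
    return (2, 0.0, -inc["id"])


def row_color(inc):
    """Map an incident to the palette; precedence red > yellow > green is assumed."""
    if inc["sla_left"] <= timedelta(0):
        return "red"      # SLA exceeded
    if inc["sla_left"] <= timedelta(hours=1):
        return "yellow"   # SLA about to be exceeded
    if inc["unread"]:
        return "green"    # new unread interaction
    return None


def triage(incidents):
    """Return (id, color) pairs in dashboard order."""
    return [(i["id"], row_color(i)) for i in sorted(incidents, key=priority_key)]


if __name__ == "__main__":
    for inc_id, color in triage(SAMPLE):
        print(inc_id, color or "-")
```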

***

#### **Important columns in the dashboard include:**

* SLA: The time agreed with the client, which stops counting when the incident is addressed.
* Severity: Organized from INFO to CRITICAL, according to the parent correlation rule.
* Status: Indicates the stage of resolution: active, pending, under treatment, or closed.
* Rate: The average user feedback, based on various parameters.

***

#### Available actions in the dashboard:

* Escalate Incident: Increases the incident's priority in the list, reducing the SLA.
* [<mark style="color:green;">Alerts</mark>](/response/incidents/alerts.md): Displays all the alerts that led to the incident.
* [<mark style="color:green;">Messages</mark>](/response/incidents/messages.md): Allows analysts to follow and participate in the resolution process, sending messages and files, and includes system messages about changes in the incident.
* [<mark style="color:green;">Rate</mark>](/response/incidents/rate.md): Displays feedback for each analyst involved.

***

### Incident Details

Presents important information, links, message history, and activities related to the incident, allowing individual or mass changes in various parameters.

<figure><img src="/files/GPuafhbl4FEvYnrnhZ6D" alt="" width="162"><figcaption><p>Incident Details</p></figcaption></figure>

{% content-ref url="/pages/nYykzOSxr93bxfVOZi15" %}
[Alerts](/response/incidents/alerts.md)
{% endcontent-ref %}

{% content-ref url="/pages/m0oNicfjqfB5lp8ULeIy" %}
[Messages](/response/incidents/messages.md)
{% endcontent-ref %}

{% content-ref url="/pages/OL60S6SBanae7JG2O7Wy" %}
[History](/response/incidents/history.md)
{% endcontent-ref %}

{% content-ref url="/pages/eft3Y28tOoDXTxfvkBvk" %}
[Playbooks](/response/incidents/playbooks.md)
{% endcontent-ref %}

{% content-ref url="/pages/GQ4GQ6IueU8FdATB4uWj" %}
[Rules](/response/incidents/rules.md)
{% endcontent-ref %}

***

