# Incidents

The incidents reflect events that, after being processed, generate alerts and are linked to specific correlation rules. In the initial dashboard, <mark style="color:green;">a graph displays the incidents opened in the last 24 hours by severity</mark>, as well as a general overview of the incident status and a paginated list.

Users can filter incidents by severity, responsible analyst, status, creation date, update date, or search by the name or ID of the incident. <mark style="color:green;">The default view lists urgent incidents in an optimized manner, without predefined filters or sort orders.</mark>

<figure><img src="https://2621223932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLTQJomzpe5BTzHSLQPAt%2Fuploads%2F58rds81O1C2n13YB5obp%2Foverview-incidents.gif?alt=media&#x26;token=24c2cb49-39e6-4623-b8cf-0a3a9180485f" alt=""><figcaption><p>Overview Incidents Dashboard</p></figcaption></figure>

{% hint style="warning" %}
The prioritization in the list follows a standard: incidents with 'NEW' status and the shortest remaining SLA time are shown first, followed by those that had interactions with MSS/Company, and finally, the rest are listed by ID in descending order.
{% endhint %}

A color palette indicates special situations:

* Red: SLA exceeded.
* Yellow: SLA about to be exceeded within 1 hour.
* Green: Incident with a new unread interaction.

<figure><img src="https://2621223932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLTQJomzpe5BTzHSLQPAt%2Fuploads%2FZw6qkrKAszdpp0XHfSHv%2FScreenshot%202023-12-18%20at%2022.33.54.png?alt=media&#x26;token=cd68f65d-fe8c-4db5-9420-9eaf41006cf4" alt=""><figcaption><p>Incident Table Order</p></figcaption></figure>
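The ordering and color rules above, sketched as an added example (not Inopli's code or API). Field names and sample incidents are constructed, and it assumes that the interaction tier is also sorted by ID descending, that yellow means one hour or less remaining, and that red takes precedence over yellow, and yellow over green.

```python
from dataclasses import dataclass
from datetime import timedelta

@dataclass
class Incident:                      # hypothetical record, not the product's schema
    id: int
    status: str                      # e.g. "NEW", "ACTIVE", "PENDING", "CLOSED"
    sla_remaining: timedelta         # zero or negative once the SLA is exceeded
    had_interaction: bool            # interaction with MSS/Company
    unread_interaction: bool = False

def queue_key(inc: Incident):
    """Sort key: NEW by shortest remaining SLA, then interactions, then the rest."""
    if inc.status == "NEW":
        return (0, inc.sla_remaining, -inc.id)
    tier = 1 if inc.had_interaction else 2
    # Assumption: inside tiers 1 and 2 the order is ID descending.
    return (tier, timedelta(0), -inc.id)

def row_color(inc: Incident):
    """Row highlight; precedence red > yellow > green is an assumption."""
    if inc.sla_remaining <= timedelta(0):
        return "red"                 # SLA exceeded
    if inc.sla_remaining <= timedelta(hours=1):
        return "yellow"              # SLA about to be exceeded
    if inc.unread_interaction:
        return "green"               # new unread interaction
    return None

def triage_view(incidents):
    """Return (id, color) pairs in the order the list would show them."""
    return [(i.id, row_color(i)) for i in sorted(incidents, key=queue_key)]

# Constructed sample incidents.
SAMPLE = [
    Incident(101, "PENDING", timedelta(hours=5), False),
    Incident(102, "NEW", timedelta(hours=3), False),
    Incident(103, "ACTIVE", timedelta(hours=2), True, True),
    Incident(104, "NEW", timedelta(minutes=40), False),
    Incident(105, "CLOSED", timedelta(hours=8), False),
    Incident(106, "NEW", timedelta(minutes=-15), False),
    Incident(107, "ACTIVE", timedelta(hours=6), True),
]

if __name__ == "__main__":
    for inc_id, color in triage_view(SAMPLE):
        print(inc_id, color or "-")
```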

***

#### **Important columns in the dashboard include:**

* SLA: The time agreed with the client, which stops counting when the incident is addressed.
* Severity: Organized from INFO to CRITICAL, according to the parent correlation rule.
* Status: Indicates the stage of resolution: active, pending, under treatment, or closed.
* Rate: The average user feedback, based on various parameters.

***

#### Available actions in the dashboard:

* Escalate Incident: Increases the incident's priority in the list, reducing the SLA.
* [<mark style="color:green;">Alerts</mark>](https://docs.inopli.com/response/incidents/alerts): Displays all the alerts that led to the incident.
* [<mark style="color:green;">Messages</mark>](https://docs.inopli.com/response/incidents/messages): Allows analysts to follow and participate in the resolution process, sending messages and files, and includes system messages about changes in the incident.
* [<mark style="color:green;">Rate</mark>](https://docs.inopli.com/response/incidents/rate): Displays feedback for each analyst involved.

***

### Incident Details

Presents important information, links, message history, and activities related to the incident, allowing individual or mass changes in various parameters.

<figure><img src="https://2621223932-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLTQJomzpe5BTzHSLQPAt%2Fuploads%2Ftxdp58szDA9lrk9ZAYmn%2FScreenshot%202023-12-18%20at%2022.38.30.png?alt=media&#x26;token=fa985fe2-27b2-4194-b003-84ee6c80b4be" alt="" width="162"><figcaption><p>Incident Details</p></figcaption></figure>

{% content-ref url="incidents/alerts" %}
[alerts](https://docs.inopli.com/response/incidents/alerts)
{% endcontent-ref %}

{% content-ref url="incidents/messages" %}
[messages](https://docs.inopli.com/response/incidents/messages)
{% endcontent-ref %}

{% content-ref url="incidents/history" %}
[history](https://docs.inopli.com/response/incidents/history)
{% endcontent-ref %}

{% content-ref url="incidents/playbooks" %}
[playbooks](https://docs.inopli.com/response/incidents/playbooks)
{% endcontent-ref %}

{% content-ref url="incidents/rules" %}
[rules](https://docs.inopli.com/response/incidents/rules)
{% endcontent-ref %}

***
