Alert Lifecycle
Alert creation
Alerts are triggered with No status and flagged as a potential issue that might need further investigation.
Acknowledge an alert
There is an option to acknowledge an alert. This sets the status to Acknowledged. An acknowledged alert is being investigated or worked on, but is not yet resolved. It also may not yet be marked as an incident.
The alternative is to mark the alert as an incident directly. In a single step, this acknowledges the alert and signifies that it has been confirmed as an issue or requires work to resolve. An alert can also be marked as an incident after it has been acknowledged.
Mark as incident
When you mark an alert as an incident, it indicates that the issue is under investigation. This status signals that someone is actively investigating it.
Resolve
If an alert is not an incident, it can be resolved with one of three statuses:
Status | Intended Purpose |
---|---|
False Positive | The detection was not a valid statistical anomaly, and it does not indicate an actual problem. These alerts can be dismissed. |
Expected | The detection was a valid anomaly from a statistical standpoint, but was the expected result of something like a pipeline change or planned maintenance. |
No Action Needed | The detection was a valid anomaly from a statistical standpoint, but was not important enough to merit any further action. |