You can apply actions to an alert to transition the alert through the alert lifecycle. The following table lists the actions that can be applied to an alert:

ActionDescription
AcknowledgeA received alert needs to be acknowledged. After you acknowledge the alert, a comment is displayed as Acknowledged and includes the user name. From the Incident unique ID drop-down menu, click Acknowledge and a tick mark is displayed below the Incident ID.
Create IncidentA ticket can be created for the generated alert, assigning users and setting the priority. After an incident is created, the status of the alert changes to Ticketed and the incident ID is displayed in the Action/Status column.
Note: While creating the incident manually from the alert, you can use canned response templates to auto populate description in the incident.

See Create canned responses for more information on how to make a canned response default.
Attach And Update IncidentMap an alert to an existing ticket or update the ticket with the alert contents. This action is generally used to update the same ticket with related alerts.
Attach IncidentMap an alert to an existing ticket without updating the ticket with the alert contents.
SuppressSuppress the current alert and all duplicate alerts. A new alert of the same type is displayed as a fresh alert and not as a duplicate alert. The status of the alert changes to Suppressed. The Snooze setting suppresses alerts for a specified time interval. If a repeated alert occurs when the alert is in snoozed state, the alerts repeat count increments and the snooze duration is reset based on the repeated alert attributes.

Note that if the alert payload has a source time that is older than the suppression time, the First Response recommendation or suppression is not applied.
UnacknowledgeUndo the Acknowledge action taken on an alert. For example, if a solution did not address a specific problem, unacknowledge the alert. The status of the alert changes to either Open or Ticketed provided an incident ID is associated with the alert.
UnsuppressUndo a Suppress action taken on an alert. The status of the alert changes to either Open or Ticketed provided an incident ID is associated with the alert.
Run ProcessAdd process definitions to an alert and run. The option does not appear for Suppressed and Heal alerts.
CloseClose an alert when an issue is solved and the alert is resolved. The alert state changes to OK.
HealUnder the alert list, there is a new option called Heal. When the user selects the Heal action, an OK alert with the identical properties is created, giving the appearance that the alert has been healed. This will make it easier for users to manually fix the alert.

This option is applicable to heal the alert for critical and warning types of alerts even if they are in any action. We don't have the option to perform heal action on multiple alerts simultaneously, but can perform heal alert action only on one alert at a time.

For correlated alerts, an action can be performed on the entire inference, but not on a single, correlated alert.

Apply alert action

  1. Select a client from the All Clients list.
  2. Go to Alerts and select the alert ID you want.
  3. In the Action/Status column, click Select and select the action you want to apply.

The alert status transitions to the next state associated with the action. See Alert Lifecycle.

Snooze an alert

You can snooze an alert for a specified duration.

  1. In the Suppress alert window, select Snooze alert for n minutes.

  2. Enter the snooze duration you want:

    Suppress Alert for a Specific Duration
  3. In the Comments text box, enter a comment you want associated with the suppress action.

Go to the Alerts page to view the snooze setting in the Action/Status column.