# Incidents
The Incidents feature helps you track, respond to, and document security incidents within your organization.
## Overview
Incident management provides:
- Centralized tracking of all security incidents
- Response coordination with assigned responders
- Timeline documentation for post-incident analysis
- Automated detection from platform monitoring signals
## Incident Lifecycle
Detected → Triaging → Investigating → Containing → Resolved → Closed
## Automatic Detection
Some incidents are created automatically based on:
- Multiple failed login attempts
- Unusual API activity patterns
- Policy violations from governance packs
- SIEM alerts from external integrations
## Incident Severity
| Severity | Description | Response Time |
|---|---|---|
| Critical | Active breach or data loss | Immediate |
| High | Potential breach or major policy violation | 1 hour |
| Medium | Security anomaly requiring investigation | 4 hours |
| Low | Minor security event | 24 hours |
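The lifecycle, the failed-login detection signal, and the severity-to-response-time table above are the three pieces a minimal incident tracker needs. The following is an added, self-contained example (not code from this platform or its documentation) that wires them together: it runs a sliding-window rule over constructed authentication log lines, opens an incident in the `Detected` state with a response deadline derived from the severity table, and only allows lifecycle transitions in the documented order. The failure threshold (5 in 10 minutes), the log line format, and the choice of `High` severity for the detected event are assumptions; the page does not specify them.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Lifecycle states exactly as the page lists them, in order.
LIFECYCLE = ["Detected", "Triaging", "Investigating", "Containing", "Resolved", "Closed"]

# Response-time targets from the severity table (hours; 0 means "Immediate").
RESPONSE_TIME_HOURS = {"Critical": 0, "High": 1, "Medium": 4, "Low": 24}

# Assumed detection thresholds; the page only says "multiple failed login attempts".
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=10)


@dataclass
class Incident:
    title: str
    severity: str
    detected_at: datetime
    source: str
    state: str = "Detected"
    timeline: list = field(default_factory=list)  # (timestamp, note) entries for post-incident review

    def __post_init__(self):
        self.timeline.append((self.detected_at, f"Detected: {self.title}"))

    def response_deadline(self) -> datetime:
        """When a responder must have acted, per the severity table."""
        return self.detected_at + timedelta(hours=RESPONSE_TIME_HOURS[self.severity])

    def can_advance(self, new_state: str) -> bool:
        """Only the next state in the lifecycle is a legal move (no skipping, no going back)."""
        if new_state not in LIFECYCLE:
            return False
        return LIFECYCLE.index(new_state) == LIFECYCLE.index(self.state) + 1

    def advance(self, new_state: str, at: datetime, note: str = "") -> None:
        if not self.can_advance(new_state):
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        self.state = new_state
        self.timeline.append((at, f"{new_state}: {note}"))


def parse_auth_line(line: str):
    # Constructed log format (assumption): "<ISO timestamp> <OK|FAIL> user=<name> src=<ip>"
    ts, result, user_kv, src_kv = line.split()
    return datetime.fromisoformat(ts), result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def detect_failed_logins(lines, threshold=FAILED_LOGIN_THRESHOLD, window=FAILED_LOGIN_WINDOW):
    """Open one High incident per source IP whose failures within the window reach the threshold."""
    failures = defaultdict(list)   # src ip -> timestamps of recent failures
    incidents = []
    already_opened = set()
    for line in lines:
        ts, result, _user, src = parse_auth_line(line)
        if result != "FAIL":
            continue
        # keep only failures inside the sliding window ending at this event
        failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
        if len(failures[src]) >= threshold and src not in already_opened:
            already_opened.add(src)
            incidents.append(Incident(
                title=f"Multiple failed logins from {src}",
                severity="High",          # assumed mapping for this signal
                detected_at=ts,
                source="platform-monitoring",
            ))
    return incidents


# Constructed sample log: one source trips the rule, the other does not.
SAMPLE_AUTH_LOG = [
    "2024-05-01T10:00:00 FAIL user=alice src=203.0.113.7",
    "2024-05-01T10:01:00 FAIL user=alice src=203.0.113.7",
    "2024-05-01T10:02:00 OK   user=bob   src=198.51.100.2",
    "2024-05-01T10:02:30 FAIL user=admin src=203.0.113.7",
    "2024-05-01T10:03:00 FAIL user=root  src=203.0.113.7",
    "2024-05-01T10:04:00 FAIL user=alice src=203.0.113.7",
    "2024-05-01T10:30:00 FAIL user=carol src=198.51.100.2",
]


def run_example():
    """Detect, then walk the first incident one step through the lifecycle."""
    incidents = detect_failed_logins(SAMPLE_AUTH_LOG)
    inc = incidents[0]
    inc.advance("Triaging", inc.detected_at + timedelta(minutes=5), "assigned to on-call responder")
    return inc


if __name__ == "__main__":
    incident = run_example()
    print(incident.title, incident.severity, incident.state, incident.response_deadline())
    for when, note in incident.timeline:
        print(" ", when.isoformat(), note)
```

The sliding window is the important design point: counting failures per source over all time would eventually flag every long-lived client, while a window keyed on the event's own timestamp keeps the rule deterministic when replayed over historical logs. The `can_advance` check is what turns the lifecycle line into an enforced state machine rather than a free-text status, which is what makes the timeline trustworthy for post-incident analysis.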
## Feature Availability
| Feature | Growth | Enterprise |
|---|---|---|
| Incident Tracking | Yes | Yes |
| Automated Detection | Yes | Yes |
| Response Playbooks | -- | Yes |
| Integration with SIEM | -- | Yes |
Next: Learn about SIEM Integration for security event export.