Response
After you create an incident, you can view different phases associated with the incident in the Response tab. Each phase includes specific fields that must be updated to move to the next phase, and eventually close the incident. An incident workflow is automatically assigned to an incident based on the workflow mapping configured by your administrator. For more information, see Configure Incident Workflows
Note
The phases and their associated fields in the incident may differ based on the configurations made by your administrator.
Steps
To update the details in the Response tab, follow these steps:
Go to Menu > Incidents.
Select an incident and navigate to the Response tab.
You can view the following details in the Response tab:
Phase flow type: Hover over
to view the incident phase flow type. There are two types of phase flows:Linear Flow: In this flow, you must complete the phases in the sequence configured by your administrator.
Non-linear Flow: In this flow, you have the flexibility to move to any phase.
Current Phase: Displays the current phase of the incident.
Total Time Spent: Displays the total time spent on the incident response, from the opening to the closing of the incident.
Phase Timeline: Displays phase-wise progress of the incident response and the time spent on each phase. A green check mark on a phase indicates that the phase is completed. A blinker on a phase indicates the current phase of the incident. You can turn on the View Logs toggle to view the activity logs.
Phase fields: When you expand a phase, you can view the fields that need to be updated to complete a phase. To move to another phase, click Change Phase or go to a phase and click Move to this Phase.
Actions to be Closed: Displays the number of actions that must be closed in a phase.
Note
You can close the incident only after mandatory fields are completed and associated actions are closed in all the phases. For more information, see Close Incident.