Incident Actions
Acknowledge, Resolve, Snooze, Merge and more
Once an incident is created and on-call responders have been notiifed, the job does not stop there. TaskCall provides a multitude of actions to help responders micro-manage and resolve the incidents faster. Although the selection of actions is quite broad, in most cases acknowledging and resolving the incidents should suffice.
Common Actions
- Acknowledge - When an incident is triggered, the best practice is to first acknowledge it and then start working on it. By acknowledging it, the responder lets others in his team know that he has noticed the issue and is working on it. The responder will have several minutes to address it within which if it is not resolved, alerts will be re-triggered.
- Resolve - An incident should only be resolved once the issue that caused it has been completely fixed. The action let’s others know that the incident has been taken care of. Hence, no more alerts are raised for it.
- Snooze - If a responder has noticed the alerts that have been raised to him, but would like to work on it some time later, then he can snooze the alert which will essentially put it in an “acknowledged” state for the time being and hold off on alerting until the snooze time is over. Snoozing can also be used to customize the alert re-trigger time.
- Escalate - Escalation allows an incident to be moved up from the current responders to those in the next level of the policy if the policy has a higher level. In cases where an incident remains unnoticed by level 1 responders, it will automatically be escalated to those in the next level (again if there is a higher level).
- Reassign - Reassigning switches responder roles from the current assignees to the policies that are selected for the reassignment. The current responders will no longer be responsible for addressing the incident after the re-assignment. This will be useful when a responder feels that he is not the correct person to be addressing the issue and that it will be better handled by another person or group.
All these actions can be taken from the mobile app, web dashboard and the Incidents API. Besides that, incidents can also be acknowledged, resolved and escalated by responding to SMS and voice call notifications. These digital responses are very useful when internet connectivity is limited.
More Actions
- Unacknowledge - By unacknowledging an incident, a responder essentially updates the status of the incident from “Acknowledged” to “Open”. This will make the incident fall back to its initial alerting cycle.
- Amend Urgency - Amending the urgency of an incident to a higher urgency will prioritize it, while amending it to a lower urgency will deprioritize it.
- Notate - Notes can be added to an incident to help responders. These notes can also prove to be useful if a postmortem report is created on the incident afterwards as it will show the communication that was made and some of the circumstances based on which certain actions may have been taken.
Special Actions
- Merge - Similar contextual alerts or alerts generated from the same issue in your system can be merged together under one incident to reduce noise. This can be done manually from the incident details page. Most of the times, similar alerts will be systematically merged by TaskCall. If intelligent grouping is enabled then we automatically merge similar alerts to reduce noise, while conditional routing can be used for rule based alert grouping and suppression. To view all the alerts that have been triggered on an incident go to the “Alerts” tab in the incident details page.
- Redact - If sensitive information was shared with the details of the incident and you would want to erase it completely, then you can choose to redact the incident. Redactions cannot be undone at all. Hence, you must be careful when redacting incidents.
Redactions are only allowed in paid plans and only the owner of the organization have the permission to do so. Please refer to the permissions guidelines for more details.