
User Guide

Respond to an incident and delay further alerts

24.2.0

When you receive an alert for an incident, you have the following options:

  • Acknowledge: mark the incident with your username so your team knows that you are taking responsibility for it.

  • Escalate: immediately send an alert based on the next event, overriding the configured amount of time in the Alert Timeline.

  • Delay: postpone the next event on the Alert Timeline for a specified length of time.

Acknowledging an incident

Acknowledging an incident marks the incident with your username and assigns you as the Incident Lead. You also have the option to send a message to all configured users and integrations in the Alert Timeline or delay further alerts for a set amount of time. There are several ways to acknowledge an incident:

  • See Incident Hub and View incident details.

  • From the Infrastructure Map, select the instance that has an incident, then click Take Action > Acknowledge.

  • From the Instance Details page, click the incident in the incident header. This takes you to the instance's incident page, where you can acknowledge the incident. See View incident details.

  • From the navigation menu, select Incidents > All Incidents. Select the incident, then click Acknowledge.

  • From the email you receive during an incident, select the Acknowledge link. This will take you to the control panel.

In addition to acknowledging an incident, the following actions are also available depending on which page you are on:

  • Broadcast - Send a message to all configured users and channels in the Alert Timeline.

  • Exclude from Availability - Exclude the incident from the availability calculation.

  • Delay alerts by - When you acknowledge an incident, postpone alerts for a set amount of time.

  • Enable all clear - Alert all previously alerted users and integrations that the incident has been resolved.

  • Cancel alerts - Cancel all subsequent alerts. No further alerts will be sent.

  • Escalate incident - Immediately send an alert based on the next event, overriding the configured amount of time in the Alert Timeline. This means that even if you have configured the Alert Timeline to send an alert after 10 minutes, you can override this and send the alert earlier.

Once you click the Acknowledge button, the Acknowledge Incident drawer will slide out. From this drawer, you can choose to delay alerts, acknowledge the outage, and add a message to the incident's log.

Escalating an incident

Escalating sends an alert to the next recipient in line on the Alert Timeline immediately. For example, if your Alert Timeline is set up to alert someone 5 minutes after an incident is detected and the incident is only 3 minutes old, escalating triggers the 5-minute alert right away instead of waiting 2 more minutes.

Delaying an incident alert

Suppose your Alert Timeline alerts one person as soon as the incident occurs and another person 5 minutes into the incident. If you choose Delay alert by 5 minutes, the person who would normally be alerted at 5 minutes is not alerted until 10 minutes into the outage. The delay applies to all alerts on the Alert Timeline, so every alert is pushed back by 5 minutes. The 5 minutes are added to each alert's original time, not to the time at which you acknowledged the incident.
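The escalate and delay rules described above can be checked against a small model. This is an added illustration, not Fortinet code: the class, function and recipient names are hypothetical, the two-step timeline is constructed from the examples in this guide, and it assumes that escalating affects only the next pending event.

```python
from dataclasses import dataclass, field


@dataclass
class AlertTimeline:
    """Toy model: events are (minutes after detection, recipient), sorted."""
    events: list
    delay: int = 0          # total minutes added by "Delay alerts by"
    next_idx: int = 0       # index of the next unsent event
    sent: list = field(default_factory=list)  # (minute sent, recipient)

    def due_at(self, idx):
        # Delay shifts the originally configured offset, not the ack time.
        return self.events[idx][0] + self.delay

    def _fire(self, now):
        self.sent.append((now, self.events[self.next_idx][1]))
        self.next_idx += 1

    def advance(self, now):
        """Send every pending alert whose (shifted) time has arrived."""
        while (self.next_idx < len(self.events)
               and self.due_at(self.next_idx) <= now):
            self._fire(self.due_at(self.next_idx))

    def delay_by(self, now, minutes):
        self.advance(now)       # alerts already due are not recalled
        self.delay += minutes   # every remaining alert moves back

    def escalate(self, now):
        self.advance(now)
        if self.next_idx < len(self.events):
            self._fire(now)     # next event goes out immediately


def run(action, at, minutes=0, until=30):
    # Constructed timeline matching the guide: one alert at 0, another at 5.
    tl = AlertTimeline(events=[(0, "primary"), (5, "secondary")])
    if action == "delay":
        tl.delay_by(at, minutes)
    elif action == "escalate":
        tl.escalate(at)
    tl.advance(until)
    return tl.sent
```

Calling `run("delay", 3, 5)` models acknowledging at minute 3 with a 5-minute delay, and `run("escalate", 3)` models escalating at minute 3.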
