Incident Lifecycle

Incidents move through configurable statuses so teams share a single source of truth from detection to closure.

Typical lifecycle

New → Acknowledged → Investigating → Mitigation in Progress → Resolved → Closed

Your tenant may also use states such as Escalated, Waiting for Vendor, or Waiting for Maintenance Window, depending on ITSM settings.

Working an incident

On the incident detail page (/incidents/:id):

• Update status via allowed transitions (enforced by tenant workflow rules)
• Use the timeline for notes and system events
• Manage assignees and linked assets
• Open related changes, problems, or post-incident reviews from cross-links when permitted

SLA

SLA timers depend on policies configured under Settings. Approaching breach may surface flags and notifications to assigned users.

Related records

Action	Purpose
Create Change	Controlled remediation in production
Create Problem	Track recurring root cause
Post-incident review	Formal lessons learned after major events
Link Vulnerability	Tie to known CVEs

Note

Status names and allowed transitions are tenant-specific. If a transition is missing, ask an administrator to review ITSM status flow settings.

Permissions

• incidents.read — view
• incidents.update — edit fields and transition where allowed
• incidents.create — new incidents

See also

• Creating an Incident
• Incident Management Overview