The Incidents page tracks security incidents across your environment — from detection through resolution. Incidents can be created automatically from connected integrations or logged manually.
How incidents are created
Incidents flow into DSALTA from two sources:

- Integration-sourced — When you connect monitoring tools like Datadog, Grafana, or cloud providers (AWS GuardDuty, Azure Defender, GCP Security Command Center), open incidents sync automatically. Each record shows the integration name as its source.
- Manual — Your team can log incidents directly in DSALTA. Manual incidents show Source: Manual.
Incident details
Each incident displays:

| Column | Description |
|---|---|
| Title | Name or summary of the incident |
| Severity | Critical, High, Medium, or Low |
| Status | Open, Investigating, Contained, Resolved, or Closed |
| Type | Security breach, data exposure, service outage, unauthorized access, etc. |
| Owner | Team member responsible for investigation and resolution |
| Source | Integration name or “Manual” |
| Created | When the incident was first detected or reported |

- Timeline — Chronological log of all actions taken, status changes, and notes
- Root cause — What caused the incident
- Remediation — Steps taken to resolve and prevent recurrence
- Affected assets — Which systems or data were impacted
- Attachments — Supporting documents, screenshots, or reports
Working with incidents
To create a new incident manually, click + New Incident and fill in the required fields. Assign an owner and set the severity level. As your team investigates, update the status to reflect progress:

- Open — Incident detected, not yet investigated
- Investigating — Team is actively working on the incident
- Contained — Threat has been neutralized but resolution is in progress
- Resolved — Root cause addressed and systems restored
- Closed — Post-incident review complete, no further action needed
Integrations that feed Incidents
Connect these integrations to automatically sync incidents into DSALTA:

| Integration | What syncs |
|---|---|
| Datadog | Open and resolved incidents |
| Grafana | Alert-based incidents |
| AWS GuardDuty | Threat findings and security events |
| Azure Defender | Microsoft Defender for Cloud findings |
| GCP Security Command Center | Security findings and vulnerability alerts |