An incident tracks an ongoing situation in your network, as determined by its associated events. Events drive the opening, updating and closing of incidents.
- For example, if a certain port utilization threshold is exceeded, ENA will raise a Port Utilization High Event for that port. This Port Utilization High Event will open a Port Utilization Abnormality Incident. This incident can then be updated or closed by a further associated event or events.
There are three possible states that an incident can be in:
- Closed - can be reopened if a new associated event occurs.
- Expired - can no longer be reopened. Any new events will open a new incident.
Incidents do not have an assigned level, but instead inherit a severity level from their currently raised event.
- For example, if an event has a severity level of Major, then the incident that it raises will have a severity level of Major. If that incident is then updated by an event with a severity level of Critical, that incident then inherits the Critical severity level.
The incident severity levels are as follows:
|Display Severity and Color||Description|
|1 - Green||Information or Cleared|
|2 - Yellow||Minor|
|3 - Amber||Major|
|4 - Orange||Severe|
|5 - Red||Critical|