Help and Documentation

Incident Configuration

7min

Overview
Every incident created on Rootly can be marked with a set of properties. These properties can either be built-in or a customer property. Incident properties play a key role during incident management as they
help characterize each incident (e.g. kind = normal)
can be used as trigger events (e.g. Status Updated)
can help define run conditions (e.g. Severity is SEV0)
can be used as metrics filters
can be referenced using Liquid syntax
The following section lists out all of the incident properties that you can use to help you manage incidents.
Fixed Properties
Fixed properties cannot be customized. They are created as-is by Rootly and are restricted on purpose to enforce a certain level of standard across the platform.
Incident Kind
The kind property is used by Rootly to identify the classification of incidents that are being created. This field cannot be customized and is determined at the time of incident creation.
The available incidents kinds are:
Kind
Description
Data Value
Incident
These are the most common incidents teams create. They are declared via the /rootly new Slack command.
normal
Sub Incident
These are child incidents that can be created under any normal incident. They are declared within an existing incident channel via the /rootly sub Slack command.
normal_sub
Test Incident
These are equivalent to a normal incident, but used for testing purposes. Test incidents cannot be published onto status pages. They are declared via the /rootly test Slack command.
test
Sub Test Incident
These are equivalent to a normal sub incident, but used for testing purposes. Sub test incidents also cannot be published onto status pages. They are declared within an existing test incident channel via the /rootly sub Slack command.
test_sub
Backfill Incident
These are incidents that are added AFTER it's already been resolved. When a backfill incident is declared, all workflows that trigger on Incident Created will not be run. They are declared via the /rootly new Slack command and with the Backfill Incident selected.
backfilled
Scheduled Maintenance
These are "incidents" that can be declared to planned maintenance cycles. They have their own unique statuses and other properties. They are declared via /rootly maintenance Slack command.
scheduled
Incident Status
Incident status is a key component that drives incident response processes. As with the other properties in this section, status is also fixed and cannot be customized.
The available incidents statuses are:
Kind
Description
Data Value
Triage
The triage status is used for issues that have not been confirmed as an incident. To declare an incident in the triage status, simply check the Mark as In Triage checkbox when creating an incident. This status does NOT apply to scheduled maintenances.
in_triage
Started
This marks the official start of an incident. You can progress an incident from the triage status to started or declare an incident directly into the started status. This status does NOT apply to scheduled maintenances. This status does NOT apply to scheduled maintenances.
started
Mitigated
The mitigated status is used to signify that the incident impact has been halted. This is not the end of an incident. This status does NOT apply to scheduled maintenances.
mitigated
Resolved
The resolved status is used to signify the end of an incident. This is typically when retrospectives are created and active issue tickets are closed. This status does NOT apply to scheduled maintenances.
resolved
Cancelled
The cancelled status can be used at any point in the lifetime of an incident. It is typically used to mark a false-positive incident or close a duplicate incident. This status does NOT apply to scheduled maintenances.
cancelled
Scheduled
The scheduled status only applies to scheduled maintenances. It is used to indicate that the maintenance window has been planned and created.
scheduled
In Progress
The in progress status only applies to scheduled maintenances. It is used to indicate that the maintenance window is currently active.
in_progress
Completed
The completed status only applies to scheduled maintenances. It is used to indicate that the planned maintenance has ended.
completed
Configurable Properties
Configurable properties are built-it, but they can be customized. Below is a list of configurable properties that can be customized to fit your incident management process. 
Please click into each property to find out how to configure each property and how to reference them via Liquid variables.
Property
Description
﻿Environments﻿
This property allows you to characterize incidents by the environment that they are impacting. Incidents impacting PROD should be taken with priority over incidents only impacting DEV.
﻿Severities﻿
This property helps you categorize the impact level of incidents. SEV0 incidents should be handled with priority over SEV3 incidents.
﻿Incident Types﻿
This property often gets confused with the kind property. Kind is an internal categorization used by the Rootly platform, while type can be customized to your company's incident categorization requirements. 
The usage of this property is very flexible. Some companies use this to distinguish UI bugs from API issues. Others use this property to distinguish internal outages from customer-facing incidents.
﻿Incident Roles﻿
This property helps define your responders' responsibilities during an incident. An Incident Commander should have tasks that are different from the Communications Lead.
﻿Teams﻿
This property lets you assign incidents to their responsible teams. Incidents relating to the product should go to the Product team, while security incidents is best handled by the InfoSec team.
﻿Services﻿
This property lets you flag the service components that are impacted. Impacted services can be reflected on status pages.
﻿Functionalities﻿
This property lets you flag specific functional behaviours that are interrupted during incidents. E.g. the ability to cart an item, or the ability to log in. Like services, functionalities are also displayable on status pages.
﻿Incident Causes﻿
This property allows you to quickly categorize the root cause of incidents. This is particularly useful for identifying trends when analyzing historical incidents.
Custom Properties
Sometimes the built-in properties are not enough to meet all your incident categorization requirements. For a fully bespoked experience, teams can set up custom properies to further enhance their incident characterization.
Please see the Custom Fields page to learn more about creating custom incident properties.
Support
If you need help or more information about this integration, please contact [email protected] or start a chat by navigating to Help > Chat with Us.

Kind	Description	Data Value
Incident	These are the most common incidents teams create. They are declared via the /rootly new Slack command.	normal
Sub Incident	These are child incidents that can be created under any normal incident. They are declared within an existing incident channel via the /rootly sub Slack command.	normal_sub
Test Incident	These are equivalent to a normal incident, but used for testing purposes. Test incidents cannot be published onto status pages. They are declared via the /rootly test Slack command.	test
Sub Test Incident	These are equivalent to a normal sub incident, but used for testing purposes. Sub test incidents also cannot be published onto status pages. They are declared within an existing test incident channel via the /rootly sub Slack command.	test_sub
Backfill Incident	These are incidents that are added AFTER it's already been resolved. When a backfill incident is declared, all workflows that trigger on Incident Created will not be run. They are declared via the /rootly new Slack command and with the Backfill Incident selected.	backfilled
Scheduled Maintenance	These are "incidents" that can be declared to planned maintenance cycles. They have their own unique statuses and other properties. They are declared via /rootly maintenance Slack command.	scheduled

Kind	Description	Data Value
Triage	The triage status is used for issues that have not been confirmed as an incident. To declare an incident in the triage status, simply check the Mark as In Triage checkbox when creating an incident. This status does NOT apply to scheduled maintenances.	in_triage
Started	This marks the official start of an incident. You can progress an incident from the triage status to started or declare an incident directly into the started status. This status does NOT apply to scheduled maintenances. This status does NOT apply to scheduled maintenances.	started
Mitigated	The mitigated status is used to signify that the incident impact has been halted. This is not the end of an incident. This status does NOT apply to scheduled maintenances.	mitigated
Resolved	The resolved status is used to signify the end of an incident. This is typically when retrospectives are created and active issue tickets are closed. This status does NOT apply to scheduled maintenances.	resolved
Cancelled	The cancelled status can be used at any point in the lifetime of an incident. It is typically used to mark a false-positive incident or close a duplicate incident. This status does NOT apply to scheduled maintenances.	cancelled
Scheduled	The scheduled status only applies to scheduled maintenances. It is used to indicate that the maintenance window has been planned and created.	scheduled
In Progress	The in progress status only applies to scheduled maintenances. It is used to indicate that the maintenance window is currently active.	in_progress
Completed	The completed status only applies to scheduled maintenances. It is used to indicate that the planned maintenance has ended.	completed

Property	Description
Environments	This property allows you to characterize incidents by the environment that they are impacting. Incidents impacting PROD should be taken with priority over incidents only impacting DEV.
Severities	This property helps you categorize the impact level of incidents. SEV0 incidents should be handled with priority over SEV3 incidents.
Incident Types	This property often gets confused with the kind property. Kind is an internal categorization used by the Rootly platform, while type can be customized to your company's incident categorization requirements. The usage of this property is very flexible. Some companies use this to distinguish UI bugs from API issues. Others use this property to distinguish internal outages from customer-facing incidents.
Incident Roles	This property helps define your responders' responsibilities during an incident. An Incident Commander should have tasks that are different from the Communications Lead.
Teams	This property lets you assign incidents to their responsible teams. Incidents relating to the product should go to the Product team, while security incidents is best handled by the InfoSec team.
Services	This property lets you flag the service components that are impacted. Impacted services can be reflected on status pages.
Functionalities	This property lets you flag specific functional behaviours that are interrupted during incidents. E.g. the ability to cart an item, or the ability to log in. Like services, functionalities are also displayable on status pages.
Incident Causes	This property allows you to quickly categorize the root cause of incidents. This is particularly useful for identifying trends when analyzing historical incidents.

Updated 01 Apr 2024

Did this page help you?

Manually Running Workflows

Forms & Fields