You can set up incident timers and SLAs to track KPIs and ensure that operational performance is inline with your objectives. By adding timer and SLA fields to the Incidents table, you can see track the progress of your incident SLAs.
To help you to monitor and assess your key performance indicators (KPIs), you can create SLAs at the incident level. Incident SLAs provide the ability to track KPIs, obtain real-time insights into operational performance, and ensure alignment with established objectives.
Incident SLAs are based on incident timer fields. When an incident matches the defined criteria, the timer starts running. If the timer field is linked to an SLA, Cortex XSIAM tracks the progress of the incident in relation to the SLA.
To track your SLAs on the Incidents page, add the timer and SLA fields to the table layout, or create a custom layout with SLA fields. Note that the timer field counts forward, and the SLA field counts backwards.
Danger
Before you can create an incident SLA, you must first create a timer field. A timer field can be associated with a single incident SLA.