> For the complete documentation index, see [llms.txt](https://docs.cortex.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cortex.io/solutions/incident-mgmt/configure.md).
# Prepare for and prevent incidents
To configure your Cortex workspace to handle Incident Management & Response, we recommend the following actions:
* **Connect Data**: [Ingest data, ensure ownership is assigned to your entities, and configure integrations](#step-1-ingest-data-and-solve-ownership) for incident management, on-call, and other tools your organization uses.
* **Standardize**: [Configure a Scorecard to enforce Incident Management best practices](#step-2-configure-a-scorecard-for-incident-preparedness) and measure relevant metrics
* **Streamline**: [Enable On-Call Assistant in Cortex](#step-3-enable-on-call-assistant) for automated notifications during incidents, reducing the time to resolution. [Configure Workflows to streamline incident-related steps](#step-4-configure-workflows-for-incident-related-tasks), and [configure Cortex MCP](#step-5-configure-cortex-mcp) to ensure you have a quick way to get answers during incidents
* **Improve**: [Review Eng Intelligence metrics](#step-6-review-and-act-on-eng-intelligence) and take action to improve incident preparedness
## Use Cortex features to prepare for incidents
Expand the tiles below to learn about configuring Cortex features to stay prepared in case of incidents.
Step 1: Ingest data and solve ownership 🔌
{% hint style="success" %}
**Action Items:**
* [**Import your data**](/ingesting-data-into-cortex/overview.md)
* [**Ensure ownership is set**](/ingesting-data-into-cortex/entities-overview/entities/ownership.md)
* [**Configure integrations**](/ingesting-data-into-cortex/integrations.md)
{% endhint %}
Before getting started on any use case, it is crucial to import your services, resources, infrastructure, and other entities, and to have clear visibility into the ownership of your entities.
Connecting your entities to Cortex establishes a single source of truth across your engineering organization. It enables the ability to track progress via Scorecards, automate Workflows, and gain insights from Eng Intelligence.
Setting ownership of entities ensures that every service and system is clearly linked to accountable teams or individuals, enabling faster incident response, reducing handoff friction, and making it possible to enforce standards consistently.
The more data you have available, the more actionable and insightful your Scorecards can be.
#### Relevant integrations
To focus on Incident Management & Response, Cortex recommends integrating with tools that help automate alerting, manage on-call schedules, trigger and track incidents, and facilitate post-incident analysis. Make sure you have configured integrations for the following categories:
* **Incident management**: [FireHydrant](/ingesting-data-into-cortex/integrations/firehydrant.md), [Incident.io](/ingesting-data-into-cortex/integrations/incidentio.md), [PagerDuty](/ingesting-data-into-cortex/integrations/pagerduty.md), [Rootly](/ingesting-data-into-cortex/integrations/rootly.md)
* Trigger incidents, route alerts, and view incident data on entity pages
* **On-call**: [PagerDuty](/ingesting-data-into-cortex/integrations/pagerduty.md), [Opsgenie](/ingesting-data-into-cortex/integrations/opsgenie.md), [Splunk On-Call](/ingesting-data-into-cortex/integrations/splunk-oncall.md) (formerly VictorOps), [xMatters](/ingesting-data-into-cortex/integrations/xmatters.md)
* Track on-call responsibilities to confirm that support teams are always assigned
* **Monitoring and observability**: [Coralogix](/ingesting-data-into-cortex/integrations/coralogix.md), [Datadog](/ingesting-data-into-cortex/integrations/datadog.md), [Dynatrace](/ingesting-data-into-cortex/integrations/dynatrace.md), [Google Observability Cloud](/ingesting-data-into-cortex/integrations/google.md), [Instana](/ingesting-data-into-cortex/integrations/instana.md), [New Relic](/ingesting-data-into-cortex/integrations/newrelic.md), [Prometheus](/ingesting-data-into-cortex/integrations/prometheus.md), [ServiceNow Cloud Observability](/ingesting-data-into-cortex/integrations/lightstep.md) (formerly Lightstep), [Splunk Observability Cloud](/ingesting-data-into-cortex/integrations/splunk-observability.md) (formerly SignalFX), [Sumo Logic](/ingesting-data-into-cortex/integrations/sumologic.md)
* Detect issues faster and improve visibility
* **Project management**: [GitHub](/ingesting-data-into-cortex/integrations/github.md), [Jira](/ingesting-data-into-cortex/integrations/jira.md), [Azure DevOps](/ingesting-data-into-cortex/integrations/azuredevops.md), [ClickUp](/ingesting-data-into-cortex/integrations/clickup.md)
* Track incidents, bugs, and compliance issues
* **Code quality and security**: [Checkmarx](/ingesting-data-into-cortex/integrations/checkmarx.md), [Codecov](/ingesting-data-into-cortex/integrations/codecov.md), [Mend](/ingesting-data-into-cortex/integrations/mend.md), [Snyk](/ingesting-data-into-cortex/integrations/snyk.md), [SonarQube](/ingesting-data-into-cortex/integrations/sonarqube.md), [Veracode](/ingesting-data-into-cortex/integrations/veracode.md), [Wiz](/ingesting-data-into-cortex/integrations/wiz.md)
* Enforce code coverage, vulnerability scanning, and other quality measures
Cortex also recommends [linking to runbooks and documentation](/ingesting-data-into-cortex/entities-overview/entities/external-docs.md) for your entities, ensuring your users have access to critical information.
With your data in Cortex, you have a jumping-off point to start driving a successful Incident Management process.
Step 2: Configure a Scorecard for Incident Preparedness 📋
{% hint style="success" %}
**Action Item:** [**Create a Scorecard**](https://docs.cortex.io/standardize/scorecards/create) **for Incident Preparedness or Incident Response Performance**
{% endhint %}
Scorecards automate the process of checking whether services meet criteria such as ownership, on-call coverage, runbooks, monitoring, and security requirements.
Cortex's incident templates include predefined rules which can be customized based on your organization's requirements, infrastructure, and goals. The templates are structured into three levels — Bronze, Silver, and Gold — with each representing increasing levels of success.
#### Step 2.1: Create the Scorecard and configure the basics
1. On the [**Scorecards** page](https://app.getcortexapp.com/admin/scorecards) in your workspace, click **Create Scorecard**.
2. There are two incident-related Scorecard templates available: Incident Preparedness and Incident Response Performance. On the template you want to use, click **Use**.
3. Configure basic settings, including the Scorecard's name, unique identifier, description, and more.
* Learn about configuring the basic settings in the [Creating a Scorecard documentation](https://docs.cortex.io/standardize/scorecards/create#step-1-configure-the-basic-scorecard-fields).
#### Step 2.2: Review and modify the rules
The Scorecard template contains rules that prepare your organization for incidents and enforce industry best practices, such as:
* Enforce ownership, linked docs, and linked Slack channels to enable quick action during incidents.
* Enforce having monitors documented to accurately identify issues and reduce mean time to resolution (MTTR).
* Enforce incoming and outgoing dependencies being documented, to allow responders to assess the full impact and prioritize remediation efforts effectively.
While Cortex's template is based on common industry best practices, you may need to adjust the rules based on which tools you use and how your organization prioritizes requirements and metrics. You can reorder, delete, and edit rules, and you can add more rules to a level.
When adding or changing the template rules, you can select from a list of available pre-built rules. Behind each rule is a [Cortex Query Language (CQL) ](https://docs.cortex.io/standardize/cql)query; you can also write your own queries to further refine your rules.
Step 3: Enable On-Call Assistant 🔔
{% hint style="success" %}
**Action Item:** [**Enable On-Call Assistant**](https://docs.cortex.io/ingesting-data-into-cortex/entities/oncall-assistant)
{% endhint %}
Cortex's [On-Call Assistant](https://docs.cortex.io/ingesting-data-into-cortex/entities/oncall-assistant) simplifies the incident response process and reduces MTTR. It leverages the [PagerDuty integration](https://docs.cortex.io/ingesting-data-into-cortex/integrations/pagerduty) to automatically surface the most vital information about an entity when an incident has been triggered. During an incident, it notifies the responsible users via Slack, providing incident details, deploy and monitoring information, the entity's owner and related Slack channel, and links to more information.
Step 4: Configure Workflows for incident-related tasks ⚙️
{% hint style="success" %}
**Action Item:** [**Configure Workflows**](https://docs.cortex.io/streamline/workflows/create)
{% endhint %}
[Configure Workflows](https://docs.cortex.io/streamline/workflows/create) to automate repetitive and manual tasks, such as:
* Restarting services or pods
* Rolling back deployments
* See an example in [Rollback a service during an incident](https://docs.cortex.io/streamline/workflows/examples/rollback).
* Sending status notifications
Step 5: Configure Cortex MCP 🤖
{% hint style="success" %}
**Action Item:** [**Configure Cortex MCP**](https://docs.cortex.io/get-started/mcp)
{% endhint %}
[Cortex MCP](https://docs.cortex.io/get-started/mcp) can significantly help during an incident by providing instant, conversational access to critical service and team information directly from your MCP client. It supports incident response by providing:
* **Real-time, structured answers**: Ask questions like "Who is on call for backend-server?" or "Give me all the details for parser-service." MCP fetches the data in real time from Cortex's API, ensuring accurate and up-to-date information about service health, ownership, and operational readiness.\
* **Actionable recommendations**: MCP can suggest next steps or remediation ideas based on Scorecard and Initiative data, helping you identify and address gaps in incident response.\
\
* **Reduced context switching**: It meets engineers where they work, such as in an IDE or MCP chat client, eliminating the need to switch between tools during a high-pressure incident.
Step 6: Review and act on Eng Intelligence 📈
{% hint style="success" %}
**Action Item:** [**Review Eng Intelligence metrics**](https://docs.cortex.io/improve/eng-intelligence)
{% endhint %}
Use Eng Intelligence features — the [DORA dashboard](https://docs.cortex.io/improve/eng-intelligence/dora-dashboard), [Velocity Dashboard](https://docs.cortex.io/improve/eng-intelligence/velocity-dashboard), and [Metrics Explorer](https://docs.cortex.io/improve/eng-intelligence/metrics-explorer) — to understand how well teams are performing during and after incidents.
Review trends in areas such as incident frequency and time to resolution.
{% hint style="success" %}
Looking for additional resources on enforcing Incident Management best practices in Cortex? Check out the [Cortex Academy "Incident Management & Response" course](https://academy.cortex.io/courses/incident-response), available to all Cortex customers and POVs.
{% endhint %}
## Incident preparedness in action
After you have configured your workspace for incident preparedness, you are well prepared to handle incidents when they arise.
Learn more about preventing and handling active incidents in [Incident Response in action](/solutions/incident-mgmt/in-action.md).
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.cortex.io/solutions/incident-mgmt/configure.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.