This feature is currently available for customers of Freshservice who signed-up post March 18, 2024.


In this scenario, we aim to promptly escalate critical severity alerts to incidents while delaying the escalation of error and warning severity alerts to mitigate potential flapping alerts.

  1. Create a workflow automator by following the steps listed here.
  2. Drag an Event node and select "Alert is Raised" to trigger the workflow whenever an alert is raised.

  3. Drag a Condition node to set the conditions based on which you want the actions to be performed. For example, this workflow should only run on alerts from the "FRSH" integrations. Therefore, choose the "Alert fields.integration name includes FRSH" option. Label this branch as "Integration Check".

  4. If this condition is true, check for the severity of the alert. Drag another condition node, and set it next to the yes branch of the previous node. Choose the option "Alert Severity contains Critical for 1 consecutive alert". Label the node as "Critical severity check"

  5. Drag an action node for the yes branch of the "Critical Severity Check" node. Select the action "Create incident" and the option "set status as open". Configure other incident fields as needed.

  6. Similarly, drag another condition node and set it along the no branch of the "Critical severity check" node. Choose the "Alert Severity contains Error or warning for 1 consecutive alert" option. Label the node as "Error or warning severity check".

  7. Drag a timer node and set it along the yes branch of the "Error or warning severity check" node. Set the timer value to 15 minutes.

  8. Drag another condition node to check the current status of the alert. Select "Alert Fields.Status is not Resolved" and label the node as "Status check". If the alert is unresolved, you can create a medium-priority incident as in Step 5. Set this node along the yes branch. 

  9. For the no branch you add another action node to add a note to the alert. Select the action as "Update alert" and the option as "Add note". 

    By following these step-by-step instructions, you can efficiently automate the escalation of critical severity alerts to incidents while managing error and warning severity alerts with appropriate delays and actions, enhancing your incident management process.