KT Intake

Capture incident context, sync updates, and export crisp summaries without leaving the bridge.

Confirm with template password Case study templates need this password before you can apply or save notes.

Problem Summary

In one sentence, what service or capability is not working right now?

Evidence & Affected Object

Detection Source

Monitoring

User Report

Automation

Other

Evidence Collected

Screenshot

Logs

Metrics

Repro

Other

What concrete evidence proves a deviation from normal behavior? Examples: alerts, error messages, metric spikes/drops, log lines, screenshots, reproducible steps.

Which specific service or component (object) is affected? Hardware name and model, Function/Module/Method, Container/Service/API, datastore/volume/bucket/table, network element, identity/policy/role, pipeline/job.

Baseline vs Current Behavior

For this object, what does ‘healthy/normal’ behavior look like? What was the expected behavior?

What is the current (actual) behavior of this object? What have you measured or verified against the baseline (using the same metrics as above), and what symptoms are you observing now?

Describe The Problem

Impact

Current Impact

Who or what is currently affected? Quantify: users/tenants/regions, transactions failing, SLI/SLO deltas (avail %, p95/p99, error %), data at risk (loss/corruption/exposure), workarounds.

Future Impact

If unresolved, what is the likely future impact? Blast radius growth, SLO/SLA breach, revenue/penalties, compliance, backlog/consumer lag, churn, on-call fatigue.

Timeframe

When will the Future Impact become Current Impact? (Best Estimate). What deadlines/SLAs do we need to be aware of?

Current Service Recovery Stage

Assessing / triage

Mitigating / stopping impact

Stabilized / workaround active

Permanent fix in progress

Restoring full service

Monitoring / validating stability

Closed

Containment / Mitigation Description

Problem Analysis

KT Question	IS — facts only	IS NOT — similar & reasonable and could be but is not occuring	Distinctions — Unique characteristics about the IS	Changes — Changes that happened in on around or about each Distinction

Possible Causes

Capture hypotheses and pressure test them against the KT IS / IS NOT evidence. Start with the suspect, accusation, and impact; then walk each cause through the table.

Copy & Paste Summary

Bridge Activation

Capture only what’s needed to activate the bridge and set comms cadence.

Bridge opened (UTC)

Incident Commander

Broadscope Captain

SEM/Ops Lead

Severity

Communication Cadence & Log

Communication cadence

10 min 15 min 20 min 30 min Hourly

Pick how often updates should be broadcast. Logging a communication restarts the timer and reminder.

Next update scheduled for

Communication log