Incidents is a web application for managing non-trivial security incidents.
When you first encounter a phishing email, a malware infection, an application vulnerability, a suspicious login, an act of abuse by an insider, or another security incident, your security team may create a Slack channel, or a Google Doc, or a JIRA ticket, to investigate it.
As the investigation's scope increases, though, these tools aren't enough to manage the incident's complexity.
You might have a dozen people working on 30-40 tasks at once:
collecting forensic data
conducting forensic analysis
fixing technology issues
asking your vendors for logs
notifying affected users
communicating with upper management, etc.
It's difficult to stay up to date on an incident when all of these workstreams are interleaved in the same chat channel.
Our insight is that incidents are trees of tickets, where some tickets are leads.