# Screening alerts before creating incidents

Not all alerts signify a critical incident. Many are informational or can be resolved without waking up an on-call engineer. To combat alert fatigue and ensure your team only focuses on what truly matters, you can set up a workflow to screen incoming alerts before deciding to declare a major incident.

This guide demonstrates a two-tiered approach using separate teams and escalation policies to create a buffer for alert triage.

## Recommended Setup

The core of this setup involves two distinct teams, each with its own escalation policy:

1. **Alerts team:** This team acts as a catch-all for every notification from your monitors and integrations. It uses a **silent escalation policy** that creates an incident in Better Stack but doesn't page anyone.
2. **Incidents team:** This team is for confirmed, high-priority issues. It uses a **standard escalation policy** that pages the on-call engineer and triggers your full incident response process.

This setup allows your team to review a stream of non-urgent alerts and manually escalate only the critical ones into actionable incidents.

## Step 1: Create the Alerts team

This team will be the first destination for all incoming alerts, acting as your screening layer.

1. Go to [Settings → Teams](https://betterstack.com/settings/teams ";_blank") in your Better Stack account.
2. Create a new team and name it **Alerts**.
2. Assign team members that will be responsible for triaging alerts.

## Step 2: Create a silent escalation policy

You'll need an escalation policy that logs an incident without any disruptive alerts.

1. In the **Alerts team**, go to **[Escalation policies](https://uptime.betterstack.com/team/0/policies ";_blank")** and click **Create escalation policy**.
2. Name it **New Alert Policy**.
3. Remove all default escalation steps by clicking the `x` on each step. The final policy should have no steps.
4. Click **Create escalation policy**.

![An escalation policy named "New Alert Policy" with no escalation steps.](https://imagedelivery.net/xZXo0QFi-1_4Zimer-T0XQ/c7294988-c33b-4c57-a0b7-bc0297333000/orig =3268x2124)

[info]
#### Send alerts to a triage channel
You can add a single, non-intrusive notification to your silent policy, like a message to a dedicated Slack channel (e.g., `#alerts-triage`). This gives your team a central place to see incoming alerts without any noise.
[/info]

## Step 3: Create an escalation policy in your Incidents team

This team and its policy are for when an alert is confirmed to be a real incident. You can use your main team for this policy.

2. In the team responsible for resolving the incidents, navigate to **[Escalation policies](https://uptime.betterstack.com/team/0/policies ";_blank")** and click **Create escalation policy**.
3. Name this policy something clear and actionable, like **Declare an Incident** or **Page On-call**.
4. Configure the escalation steps for this policy to alert the on-call person for the **Incidents** team. Use steps that include calls, SMS, or critical push notifications.
5. Click **Create escalation policy**.

![An escalation policy named "Declare an Incident" with steps to call and page the on-call person.](https://imagedelivery.net/xZXo0QFi-1_4Zimer-T0XQ/a16fc37a-017d-47b6-9111-ab83254b8a00/md1x =3268x2166)

## Step 4: The screening and escalation workflow

With the setup complete, your team can now follow this simple workflow:

1. In your [Alerts](https://betterstack.com/docs/logs/dashboards/alerts/), set escalation to **Alerts team -> New Alert Policy**. No one will be paged.
2. A team member in the **Alerts team** reviews the incoming alerts on the **[Incidents](https://uptime.betterstack.com/team/0/incidents ";_blank")** page.
3. When an alert requires immediate attention, open its incident detail page.
4. Click the **Escalate to** button in the top-right corner.
5. In the modal that appears, select the **Declare an Incident** escalation policy.
6. Click **Escalate**.

![The incident detail page with the "Escalate to" button highlighted.](https://imagedelivery.net/xZXo0QFi-1_4Zimer-T0XQ/da59b944-a9fe-4a6c-3cb6-2f4030a04200/md1x =3488x2124)

This action triggers the **Declare an Incident** policy, paging the on-call engineer from the **Incidents team** and starting your incident response process.

## Summary

By separating alerts from incidents, you empower your team to manage notifications effectively. This two-team setup reduces noise, prevents alert fatigue, and creates a clear, intentional process for declaring and responding to critical incidents.