
Linea AI Incidents

Linea AI streamlines incident response by:

  • Generating clear, concise natural-language summaries for every incident.
  • Automatically creating incidents for actions assessed as Critical or High severity.
  • Assigning a risk level to each incident so the most urgent items can be triaged first.

Incident creation

By default, monitoring policies are configured to let Linea AI decide whether to create an incident. When an event matches such a policy, Linea AI evaluates the risk level and automatically generates an incident if the risk is assessed as Critical or High.

Incident summary

Linea AI produces natural-language summaries that give analysts immediate context and highlight the severity of potential risks, helping teams respond faster.

Summary view

On the Incidents page, expand an incident to see the AI-generated summary. It outlines what happened, who was involved, and why the action matched a policy or triggered anomaly detection.

To view the full details, click Show Details. The detailed view includes:

  • Source and destination locations
  • File metadata (name, format, and contents classification)
  • An assessment of the potential security risk if the file is mishandled

Note: Linea AI does not reveal the actual contents of files.

Escalation suggestions

Each summary also recommends follow-up actions for incidents with High or Critical severity.

  • Ask the user to explain the incident: Notify the user and request justification.
  • Ask the user’s manager to review the incident: Send a message to the manager for review and a decision.
  • Notify HR about the incident: Alert HR so they can take appropriate next steps.

AI-assessed risk

The underlying LLM evaluates dataset sensitivity, policy severity, and historical data flows to calculate an AI Risk Assessment for every incident. Analysts can filter incidents by this risk level to focus on the most critical items first.

For example, copy-pasting source code to an external GitHub domain receives a higher risk level than moving data within internal systems.

Created by

The Created by column shows which mechanism generated the incident:

  • Policy: A user-defined policy matched the data flow and created the incident.
  • Linea AI: Linea AI autonomously generated the incident after detecting a critically risky flow that no policy covered. When this occurs, the dataset and policy shown in the incident come from a predefined template tied to the detected source and destination categories.
  • AI + Policy: A monitoring policy configured with Let Linea Decide delegated the decision to Linea AI, which created the incident because the event was assessed as having Critical or High AI Risk.