In Sentinel, a set of related events (for example, a possible attack) can be grouped together to form an incident. An incident in the Open state alerts you to investigate, resolve, and close the incident. For example, the resolution to an attack might be to close a port, block a source IP, or rebuild a machine.