Webinar: The hidden bottlenecks in network incident response

Security Reporter

BleepingComputer’s June 2 2026 live webinar with Tines’ Edgar Ortiz will dissect why network incident response stalls under alert overload and show how AI‑assisted automation can close the gaps between alerting, triage, enrichment, routing and resolution.

Date: June 2 2026 | Host: BleepingComputer | Speaker: Edgar Ortiz, Solutions Engineering Leader & Computer Scientist, Tines

Why the topic matters now

IT teams are drowning in alerts from monitoring stacks, identity providers, ticketing systems and security platforms. A single network fault can generate dozens of notifications across Splunk, Datadog, Azure AD, ServiceNow and custom scripts. When the pressure mounts, responders are forced to hop between dashboards, copy‑paste logs, and manually assign tickets. Those manual steps add latency, increase the chance of mis‑routing, and often turn a brief hiccup into a multi‑hour outage.

Expert context

Edgar Ortiz has spent the last decade building automated playbooks for large enterprises. At Tines, he leads a team that designs AI‑assisted workflows that stitch together disparate APIs and enrich alerts with context from firewalls, identity logs, and threat intel feeds. "The biggest delay isn’t the technology itself; it’s the human hand‑off between tools," Ortiz explains. "When you can surface the right data at the right time, the team can make a decision without leaving the workflow."

What the webinar will cover

Segment | Key takeaways
Incident evolution | A step‑by‑step walk‑through of how a typical network alert matures into a service impact, illustrated with real‑world ticket timelines.
Where triage breaks | Identification of common choke points – e.g., missing asset tags, stale ownership maps, and fragmented enrichment pipelines.
Automated enrichment | Demonstrations of pulling NetFlow, DNS logs, and identity risk scores into a single view using Tines’ visual playbook builder.
Prioritization & routing | Rules‑based and ML‑driven scoring models that auto‑assign incidents to the correct on‑call engineer or response team.
From fragmentation to coordination | Blueprint for a unified response hub that closes the loop between monitoring, ticketing, and remediation tools.

Practical advice you can apply today

  1. Consolidate alert sources – Use a central aggregation point (e.g., a webhook collector) that normalizes payloads before they hit your ticketing system.
  2. Enrich at ingestion – Pull asset inventory, vulnerability status, and recent user activity into the alert payload. A simple Python script or a Tines action can query CMDB APIs and add that data automatically.
  3. Define routing rules – Map services to owners in a JSON file and let your automation engine match the alert’s service_id to the correct on‑call rotation.
  4. Implement confidence scoring – Combine threat intel severity, affected asset criticality, and recent change history into a numeric score; let the score dictate escalation paths.
  5. Close the feedback loop – After remediation, automatically update the original alert with resolution details and post‑mortem links, ensuring future analysts have full context.
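
Steps 1 to 4 above can be sketched as one small pipeline. This is an added example, not code from the webinar or from Tines; the field names, asset names, queue names, weights and threshold are constructed assumptions. It also shows the failure case named earlier: an alert with no asset record or no owner in the routing map lands in a fallback queue rather than being dropped.

```python
import json

# Constructed routing map (step 3): service_id -> on-call rotation.
ROUTING = json.loads('{"edge-fw": "netops-oncall", "idp": "identity-oncall"}')
# Constructed stand-in for a CMDB lookup (step 2), keyed by asset name.
ASSETS = {
    "fw-01": {"service_id": "edge-fw", "criticality": 5, "recent_change": True},
    "sso-02": {"service_id": "idp", "criticality": 3, "recent_change": False},
    "lab-09": {"service_id": "lab-net", "criticality": 1, "recent_change": False},
}
# Assumed weights (sum to 100) and threshold; tune on your own incident history.
WEIGHTS = {"intel": 50, "criticality": 30, "change": 20}
ESCALATE_AT = 70
FALLBACK_QUEUE = "triage-unowned"


def normalize(raw):
    """Step 1: map differing source field names onto one schema."""
    severity = int(raw.get("severity", raw.get("sev", 0)))
    return {
        "asset": raw.get("host") or raw.get("resource") or raw.get("device"),
        "intel_severity": max(0, min(10, severity)),  # clamp to 0-10
        "source": raw.get("source", "unknown"),
    }


def enrich(alert):
    """Step 2: attach inventory context; flag alerts with no asset record."""
    record = ASSETS.get(alert["asset"])
    alert["enriched"] = record is not None
    alert.update(record or {"service_id": None, "criticality": 0, "recent_change": False})
    return alert


def score(alert):
    """Step 4: weighted 0-100 score from intel, criticality and change history."""
    return round(WEIGHTS["intel"] * alert["intel_severity"] / 10
                 + WEIGHTS["criticality"] * alert["criticality"] / 5
                 + WEIGHTS["change"] * (1 if alert["recent_change"] else 0))


def triage(raw):
    """Normalize, enrich, score and route one alert."""
    alert = enrich(normalize(raw))
    alert["score"] = score(alert)
    # Unknown asset or service missing from the ownership map: fallback queue.
    alert["queue"] = ROUTING.get(alert["service_id"], FALLBACK_QUEUE)
    alert["escalate"] = alert["score"] >= ESCALATE_AT
    return alert
```
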

How AI assists the workflow

  • Natural‑language parsing – Large language models can extract actionable fields from free‑form log snippets, reducing manual parsing.
  • Anomaly detection – Unsupervised models flag out‑of‑band traffic patterns that merit immediate attention, feeding the workflow before a human even sees the alert.
  • Suggested playbooks – Based on incident type, the system can surface a pre‑built Tines playbook that orchestrates firewall rule changes, DNS updates, and ticket creation in seconds.

Who should attend

  • Network operations engineers struggling with alert fatigue
  • Security analysts looking to tighten coordination between SOC and NOC
  • IT managers responsible for SLA compliance
  • Automation architects evaluating low‑code orchestration platforms

Register now

Secure your spot and get a downloadable cheat sheet that maps common network incident stages to automation actions. Register here.


BleepingComputer will host the live session on June 2 2026 at 10 AM PT. Recordings will be available for registered participants.
