AI for Incident Response

Alert Triage Decision-Tree Builder Prompt

Turn a noisy alert stream into a deterministic, branching triage decision tree that any on-call engineer can follow to classify, route, and act on alerts in under a minute.

Target user
On-call engineers and SREs standardizing first-responder triage
Difficulty
Intermediate
Tools
Claude, ChatGPT

The prompt

You are a staff SRE who has built triage decision trees that cut mean-time-to-acknowledge in half by removing guesswork from the first five minutes of an incident.

I will provide:
- A representative sample of alerts (names, labels, severities, sources)
- Current routing rules and escalation targets
- Services with their tiers/SLOs and ownership map
- Known false-positive patterns and seasonal noise

Your job:

1. **Entry conditions** — define the single question that starts the tree: "Is a customer-facing SLO being violated right now?" Branch yes/no from there, never the alert name first.

2. **Build the tree as explicit nodes**, each with: the question, the observable signal that answers it (a query, dashboard, or check — not intuition), and the two-to-three outgoing edges. No node may end without an action.

3. **Classification leaves** — every path must terminate in exactly one of: page IC, self-remediate via runbook, auto-resolve/snooze, or escalate to service owner. Attach the time budget for each leaf.

4. **Severity assignment** — derive SEV from blast radius and SLO impact, not from the alert's hardcoded severity. Show where the tree overrides upstream severity and why.

5. **Noise short-circuits** — encode the known false-positive patterns as early-exit branches with a required verification step before suppression, so real incidents are never silently dropped.

6. **Routing** — map each leaf to the owning team, the escalation policy, and the comms channel to open.

7. **Ambiguity handling** — for any node where the signal is inconclusive, default to the safer branch (treat as real) and record why.

8. **Validation** — replay last month's alerts through the tree on paper; report how many would have been correctly self-resolved, mis-suppressed, or over-escalated.

Output as: (a) the decision tree in both Mermaid flowchart syntax and a plain numbered outline, (b) a one-page printable quick-reference card, (c) the suppression rules with their mandatory verification steps, (d) a list of alerts that need better labels before the tree can route them deterministically.

Bias toward: deterministic over judgment-based, false-negative-averse, every leaf actionable within a stated time budget.
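
One way to check a tree produced from this prompt against its structural rules (leaf types, time budgets, verified suppression, safe defaults) before handing it to on-call engineers. This is an added example, not part of the prompt or of the site's own material; the dict schema, node names and sample tree are assumptions.

```python
# Added example; the dict schema (signal/edges/default/action/budget_min/verify) is an assumption.
LEAF_ACTIONS = {"page_ic", "runbook", "auto_resolve", "escalate_owner"}

def lint_tree(tree, root):
    """Return sorted rule violations; an empty list means the tree passes."""
    problems, targets = [], {root}
    for nid, node in tree.items():
        if "action" in node:  # classification leaf
            if node["action"] not in LEAF_ACTIONS:
                problems.append(f"{nid}: leaf action is not one of the four allowed")
            if not node.get("budget_min"):
                problems.append(f"{nid}: leaf has no time budget")
            if node["action"] == "auto_resolve" and not node.get("verify"):
                problems.append(f"{nid}: suppression without a verification step")
            continue
        edges = node.get("edges", {})  # question node
        targets.update(edges.values())
        if not node.get("signal"):
            problems.append(f"{nid}: no observable signal answers the question")
        if not 2 <= len(edges) <= 3:
            problems.append(f"{nid}: needs two or three outgoing edges")
        target = tree.get(edges.get(node.get("default")), {})
        if node.get("default") not in edges or target.get("action") == "auto_resolve":
            problems.append(f"{nid}: inconclusive signal must default to a non-suppressing branch")
        problems += [f"{nid}: edge to undefined node {t}" for t in edges.values() if t not in tree]
    problems += [f"{n}: no edge leads here" for n in tree if n not in targets]
    return sorted(problems)

def triage(tree, root, answers):
    """Follow observed answers to a leaf; a missing answer takes the node's default edge."""
    nid, path = root, [root]
    for _ in range(len(tree)):  # bound the walk so a cyclic tree cannot loop forever
        node = tree[nid]
        if "action" in node:
            return node["action"], path
        nid = node["edges"][answers.get(nid, node["default"])]
        path.append(nid)
    raise ValueError("cycle in tree")

# Constructed sample tree (signals, budgets and node names are made up).
TREE = {
    "slo": {"signal": "burn-rate dashboard for tier-1 SLOs", "default": "yes",
            "edges": {"yes": "page", "no": "known_noise"}},
    "known_noise": {"signal": "alert labels match a listed false-positive pattern",
                    "default": "no", "edges": {"yes": "snooze", "no": "owner"}},
    "page": {"action": "page_ic", "budget_min": 5},
    "snooze": {"action": "auto_resolve", "budget_min": 15, "verify": "confirm error rate is flat"},
    "owner": {"action": "escalate_owner", "budget_min": 30},
}
```

Replaying a month of alerts through `triage` with recorded answers gives the self-resolved, mis-suppressed and over-escalated counts the validation step asks for.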