Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.
First you need to confirm it is an incident not an event, then you need to apply proper step to ensure it will not expand. You need to protect or preserve evidence from modification and follow on investigation and reporting. Last you need to develop a lessen learn to prevent such incident to reoccur.
incident reporting ( from the users)
second is the first level of incident diagnosis and forwarding to the concerned team ( usually done by help desk).
third is the resolve ( from the concerned team)
fourth is the report from that team if the incident is solved or need participation of other stake holders in case the resolve is temporary and need further attention for future.
There are major four steps/phases of incident response process.
Ref: 800-61 NIST
I would suggest intra would be best fastest creating incident ticket.
Incident logging
Categorization and Prioritization
Escalation
Troubleshooting
Resolution
Service Restoration
Closure
Preparation->Identification->containment->eradication->recovery->lessons learnt
