From 7bf3c836c50104906e2f3d79ecd52e1c960b7ba1 Mon Sep 17 00:00:00 2001
From: Tal <tal@keephq.dev>
Date: Mon, 21 Oct 2024 16:20:21 +0300
Subject: [PATCH 1/2] feat(incident): activity tab (#2185)

Signed-off-by: Tal <tal@keephq.dev>
Signed-off-by: Tal <talboren2@gmail.com>
Co-authored-by: Shahar Glazner <shaharglazner@gmail.com>
Co-authored-by: Kirill Chernakov <yakiryous@gmail.com>
---
 keep-ui/app/alerts/alert-timeline.tsx         |   6 +-
 .../app/incidents/[id]/incident-activity.css  |  53 ++++
 .../app/incidents/[id]/incident-activity.tsx  | 263 ++++++++++++++++++
 keep-ui/app/incidents/[id]/incident-info.tsx  | 176 ++++++++----
 keep-ui/app/incidents/[id]/incident.tsx       |  19 +-
 keep-ui/app/settings/auth/users-table.tsx     |  23 +-
 keep-ui/app/topology/model/useTopology.ts     |  23 +-
 .../topology/model/useTopologyApplications.ts |  14 +-
 keep-ui/components/navbar/UserAvatar.tsx      |  29 ++
 keep-ui/components/navbar/UserInfo.tsx        |  22 +-
 keep-ui/utils/hooks/useAlerts.ts              |   9 +-
 keep-ui/utils/hooks/useDashboards.ts          |   5 +-
 keep-ui/utils/hooks/useIncidents.ts           |  41 ++-
 keep-ui/utils/hooks/useWorkflowExecutions.ts  |   6 +-
 keep/api/core/db.py                           | 200 +++++++------
 keep/api/models/db/alert.py                   |  12 +-
 keep/api/routes/incidents.py                  |  61 +++-
 17 files changed, 741 insertions(+), 221 deletions(-)
 create mode 100644 keep-ui/app/incidents/[id]/incident-activity.css
 create mode 100644 keep-ui/app/incidents/[id]/incident-activity.tsx
 create mode 100644 keep-ui/components/navbar/UserAvatar.tsx

diff --git a/keep-ui/app/alerts/alert-timeline.tsx b/keep-ui/app/alerts/alert-timeline.tsx
index db584d624..02fe484e0 100644
--- a/keep-ui/app/alerts/alert-timeline.tsx
+++ b/keep-ui/app/alerts/alert-timeline.tsx
@@ -5,11 +5,7 @@ import Image from "next/image";
 import { ArrowPathIcon } from "@heroicons/react/24/outline";
 import { AlertDto } from "./models";
 import { AuditEvent } from "utils/hooks/useAlerts";
-
-const getInitials = (name: string) =>
-  ((name.match(/(^\S\S?|\b\S)?/g) ?? []).join("").match(/(^\S|\S$)?/g) ?? [])
-    .join("")
-    .toUpperCase();
+import { getInitials } from "@/components/navbar/UserAvatar";
 
 const formatTimestamp = (timestamp: Date | string) => {
   const date = new Date(timestamp);
diff --git a/keep-ui/app/incidents/[id]/incident-activity.css b/keep-ui/app/incidents/[id]/incident-activity.css
new file mode 100644
index 000000000..5b4fc518d
--- /dev/null
+++ b/keep-ui/app/incidents/[id]/incident-activity.css
@@ -0,0 +1,53 @@
+.using-icon {
+  width: unset !important;
+  height: unset !important;
+  background: none !important;
+}
+
+.rc-card {
+  filter: unset !important;
+}
+
+.active {
+  color: unset !important;
+  background: unset !important;
+  border: unset !important;
+}
+
+:focus {
+  outline: unset !important;
+}
+
+li[class^="VerticalItemWrapper-"] {
+  margin: unset !important;
+}
+
+[class^="TimelineTitleWrapper-"] {
+  display: none !important;
+}
+
+[class^="TimelinePointWrapper-"] {
+  width: 5% !important;
+}
+
+[class^="TimelineVerticalWrapper-"]
+  li
+  [class^="TimelinePointWrapper-"]::before {
+  background: lightgray !important;
+  width: 0.5px;
+}
+
+[class^="TimelineVerticalWrapper-"] li [class^="TimelinePointWrapper-"]::after {
+  background: lightgray !important;
+  width: 0.5px;
+}
+
+[class^="TimelineVerticalWrapper-"]
+  li:nth-of-type(1)
+  [class^="TimelinePointWrapper-"]::before {
+  display: none;
+}
+
+.vertical-item-row {
+  justify-content: unset !important;
+}
diff --git a/keep-ui/app/incidents/[id]/incident-activity.tsx b/keep-ui/app/incidents/[id]/incident-activity.tsx
new file mode 100644
index 000000000..2ab11e50f
--- /dev/null
+++ b/keep-ui/app/incidents/[id]/incident-activity.tsx
@@ -0,0 +1,263 @@
+import { AlertDto } from "@/app/alerts/models";
+import { IncidentDto } from "../models";
+import { Chrono } from "react-chrono";
+import { useUsers } from "@/utils/hooks/useUsers";
+import Image from "next/image";
+import UserAvatar from "@/components/navbar/UserAvatar";
+import "./incident-activity.css";
+import AlertSeverity from "@/app/alerts/alert-severity";
+import TimeAgo from "react-timeago";
+import { Button, TextInput } from "@tremor/react";
+import {
+  useIncidentAlerts,
+  usePollIncidentComments,
+} from "@/utils/hooks/useIncidents";
+import { AuditEvent, useAlerts } from "@/utils/hooks/useAlerts";
+import Loading from "@/app/loading";
+import { useCallback, useState, useEffect } from "react";
+import { getApiURL } from "@/utils/apiUrl";
+import { useSession } from "next-auth/react";
+import { KeyedMutator } from "swr";
+import { toast } from "react-toastify";
+
+interface IncidentActivity {
+  id: string;
+  type: "comment" | "alert" | "newcomment";
+  text?: string;
+  timestamp: string;
+  initiator?: string | AlertDto;
+}
+
+export function IncidentActivityChronoItem({ activity }: { activity: any }) {
+  const title =
+    typeof activity.initiator === "string"
+      ? activity.initiator
+      : activity.initiator?.name;
+  const subTitle =
+    typeof activity.initiator === "string"
+      ? " Added a comment. "
+      : (activity.initiator?.status === "firing" ? " triggered" : " resolved") +
+        ". ";
+  return (
+    <div className="relative h-full w-full flex items-center">
+      {activity.type === "alert" && (
+        <AlertSeverity
+          severity={(activity.initiator as AlertDto).severity}
+          marginLeft={false}
+        />
+      )}
+      <span className="font-semibold mr-2.5">{title}</span>
+      <span className="text-gray-300">
+        {subTitle} <TimeAgo date={activity.timestamp + "Z"} />
+      </span>
+      {activity.text && (
+        <div className="absolute top-14 font-light text-gray-800">
+          {activity.text}
+        </div>
+      )}
+    </div>
+  );
+}
+
+
+export function IncidentActivityChronoItemComment({
+  incident,
+  mutator,
+}: {
+  incident: IncidentDto;
+  mutator: KeyedMutator<AuditEvent[]>;
+}) {
+  const [comment, setComment] = useState("");
+  const apiUrl = getApiURL();
+  const { data: session } = useSession();
+
+  const onSubmit = useCallback(async () => {
+    const response = await fetch(`${apiUrl}/incidents/${incident.id}/comment`, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${session?.accessToken}`,
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        status: incident.status,
+        comment: comment,
+      }),
+    });
+    if (response.ok) {
+      toast.success("Comment added!", { position: "top-right" });
+      setComment("");
+      mutator();
+    } else {
+      toast.error("Failed to add comment", { position: "top-right" });
+    }
+  }, [
+    apiUrl,
+    incident.id,
+    incident.status,
+    comment,
+    session?.accessToken,
+    mutator,
+  ]);
+
+  const handleKeyDown = useCallback(
+    (event: KeyboardEvent) => {
+      if (
+        event.key === "Enter" &&
+        (event.metaKey || event.ctrlKey) &&
+        comment
+      ) {
+        onSubmit();
+      }
+    },
+    [onSubmit, comment]
+  );
+
+  useEffect(() => {
+    window.addEventListener("keydown", handleKeyDown);
+    return () => {
+      window.removeEventListener("keydown", handleKeyDown);
+    };
+  }, [comment, handleKeyDown]);
+
+  return (
+    <div className="flex h-full w-full relative items-center">
+      <TextInput
+        value={comment}
+        onValueChange={setComment}
+        placeholder="Add a new comment..."
+      />
+      <Button
+        color="orange"
+        variant="secondary"
+        className="ml-2.5"
+        disabled={!comment}
+        onClick={onSubmit}
+      >
+        Comment
+      </Button>
+    </div>
+  );
+}
+
+export default function IncidentActivity({
+  incident,
+}: {
+  incident: IncidentDto;
+}) {
+  const { data: session } = useSession();
+  const { useMultipleFingerprintsAlertAudit, useAlertAudit } = useAlerts();
+  const { data: alerts, isLoading: alertsLoading } = useIncidentAlerts(
+    incident.id
+  );
+  const { data: auditEvents, isLoading: auditEventsLoading } =
+    useMultipleFingerprintsAlertAudit(alerts?.items.map((m) => m.fingerprint));
+  const {
+    data: incidentEvents,
+    isLoading: incidentEventsLoading,
+    mutate: mutateIncidentActivity,
+  } = useAlertAudit(incident.id);
+
+  const { data: users, isLoading: usersLoading } = useUsers();
+  usePollIncidentComments(incident.id);
+
+  if (
+    usersLoading ||
+    incidentEventsLoading ||
+    auditEventsLoading ||
+    alertsLoading
+  )
+    return <Loading />;
+
+  const newCommentActivity = {
+    id: "newcomment",
+    type: "newcomment",
+    timestamp: new Date().toISOString(),
+    initiator: session?.user.email,
+  };
+
+  const auditActivities =
+    auditEvents
+      ?.concat(incidentEvents || [])
+      .sort(
+        (a, b) =>
+          new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime()
+      )
+      .map((auditEvent) => {
+        const _type =
+          auditEvent.action === "A comment was added to the incident" // @tb: I wish this was INCIDENT_COMMENT and not the text..
+            ? "comment"
+            : "alert";
+        return {
+          id: auditEvent.id,
+          type: _type,
+          initiator:
+            _type === "comment"
+              ? auditEvent.user_id
+              : alerts?.items.find(
+                  (a) => a.fingerprint === auditEvent.fingerprint
+                ),
+          text: _type === "comment" ? auditEvent.description : "",
+          timestamp: auditEvent.timestamp,
+        } as IncidentActivity;
+      }) || [];
+
+  const activities = [newCommentActivity, ...auditActivities];
+
+  const chronoContent = activities?.map((activity, index) =>
+    activity.type === "newcomment" ? (
+      <IncidentActivityChronoItemComment
+        mutator={mutateIncidentActivity}
+        incident={incident}
+        key={activity.id}
+      />
+    ) : (
+      <IncidentActivityChronoItem key={activity.id} activity={activity} />
+    )
+  );
+  const chronoIcons = activities?.map((activity, index) => {
+    if (activity.type === "comment" || activity.type === "newcomment") {
+      const user = users?.find((user) => user.email === activity.initiator);
+      return (
+        <UserAvatar
+          key={`icon-${activity.id}`}
+          image={user?.picture}
+          name={user?.name ?? user?.email ?? (activity.initiator as string)}
+        />
+      );
+    } else {
+      const source = (activity.initiator as AlertDto).source[0];
+      const imagePath = `/icons/${source}-icon.png`;
+      return (
+        <Image
+          key={`icon-${activity.id}`}
+          alt={source}
+          height={24}
+          width={24}
+          title={source}
+          src={imagePath}
+        />
+      );
+    }
+  });
+
+  return (
+    <Chrono
+      items={activities?.map((activity) => ({
+        id: activity.id,
+        title: activity.timestamp,
+      }))}
+      hideControls
+      disableToolbar
+      borderLessCards={true}
+      slideShow={false}
+      mode="VERTICAL"
+      cardWidth={600}
+      cardHeight={100}
+      allowDynamicUpdate={true}
+      disableAutoScrollOnClick={true}
+    >
+      {chronoContent}
+      <div className="chrono-icons">{chronoIcons}</div>
+    </Chrono>
+  );
+}
diff --git a/keep-ui/app/incidents/[id]/incident-info.tsx b/keep-ui/app/incidents/[id]/incident-info.tsx
index b8b1314de..87c9c35fe 100644
--- a/keep-ui/app/incidents/[id]/incident-info.tsx
+++ b/keep-ui/app/incidents/[id]/incident-info.tsx
@@ -1,10 +1,13 @@
-import {Badge, Button, Icon, Title} from "@tremor/react";
+import { Badge, Button, Icon, Title } from "@tremor/react";
 import { IncidentDto } from "../models";
 import CreateOrUpdateIncident from "../create-or-update-incident";
 import Modal from "@/components/ui/Modal";
 import React, { useState } from "react";
-import {MdBlock, MdDone, MdModeEdit, MdPlayArrow} from "react-icons/md";
-import { useIncident, useIncidentFutureIncidents } from "@/utils/hooks/useIncidents";
+import { MdBlock, MdDone, MdModeEdit, MdPlayArrow } from "react-icons/md";
+import {
+  useIncident,
+  useIncidentFutureIncidents,
+} from "@/utils/hooks/useIncidents";
 
 import {
   deleteIncident,
@@ -19,7 +22,7 @@ import classNames from "classnames";
 import { IoChevronDown } from "react-icons/io5";
 import IncidentChangeStatusModal from "@/app/incidents/incident-change-status-modal";
 import ChangeSameIncidentInThePast from "@/app/incidents/incident-change-same-in-the-past";
-import {STATUS_ICONS} from "@/app/incidents/statuses";
+import { STATUS_ICONS } from "@/app/incidents/statuses";
 import remarkRehype from "remark-rehype";
 import rehypeRaw from "rehype-raw";
 import Markdown from "react-markdown";
@@ -29,11 +32,13 @@ interface Props {
   incident: IncidentDto;
 }
 
-function FollowingIncident({incidentId}: {incidentId: string}) {
+function FollowingIncident({ incidentId }: { incidentId: string }) {
   const { data: incident } = useIncident(incidentId);
   return (
     <div>
-      <a className="text-orange-500" href={'/incidents/' + incidentId}>{incident?.user_generated_name || incident?.ai_generated_name}</a>
+      <a className="text-orange-500" href={"/incidents/" + incidentId}>
+        {incident?.user_generated_name || incident?.ai_generated_name}
+      </a>
     </div>
   );
 }
@@ -49,13 +54,11 @@ function Summary({
   collapsable?: boolean;
   className?: string;
 }) {
-
-  const formatedSummary = <Markdown
-      remarkPlugins={[remarkRehype]}
-      rehypePlugins={[rehypeRaw]}
-    >
+  const formatedSummary = (
+    <Markdown remarkPlugins={[remarkRehype]} rehypePlugins={[rehypeRaw]}>
       {summary}
     </Markdown>
+  );
 
   if (collapsable) {
     return (
@@ -125,7 +128,10 @@ export default function IncidentInformation({ incident }: Props) {
     setChangeStatusIncident(incident);
   };
 
-  const handleChangeSameIncidentInThePast = (e: React.MouseEvent, incident: IncidentDto) => {
+  const handleChangeSameIncidentInThePast = (
+    e: React.MouseEvent,
+    incident: IncidentDto
+  ) => {
     e.preventDefault();
     e.stopPropagation();
     setChangeSameIncidentInThePast(incident);
@@ -133,8 +139,12 @@ export default function IncidentInformation({ incident }: Props) {
 
   const formatString = "dd, MMM yyyy - HH:mm.ss 'UTC'";
   const summary = incident.user_summary || incident.generated_summary;
-  const { data: same_incident_in_the_past } = useIncident(incident.same_incident_in_the_past_id);
-  const { data: same_incidents_in_the_future } = useIncidentFutureIncidents(incident.id);
+  const { data: same_incident_in_the_past } = useIncident(
+    incident.same_incident_in_the_past_id
+  );
+  const { data: same_incidents_in_the_future } = useIncidentFutureIncidents(
+    incident.id
+  );
 
   const severity = incident.severity;
   let severityColor;
@@ -150,19 +160,18 @@ export default function IncidentInformation({ incident }: Props) {
             {incident.is_confirmed ? "⚔️ " : "Possible "}Incident
           </Title>
           <Button
-              color="orange"
-              size="xs"
-              variant="secondary"
-              icon={MdPlayArrow}
-              tooltip="Run Workflow"
-              onClick={(e: React.MouseEvent) => {
-                e.preventDefault();
-                e.stopPropagation();
-                handleRunWorkflow();
-              }}
-            />
+            color="orange"
+            size="xs"
+            variant="secondary"
+            icon={MdPlayArrow}
+            tooltip="Run Workflow"
+            onClick={(e: React.MouseEvent) => {
+              e.preventDefault();
+              e.stopPropagation();
+              handleRunWorkflow();
+            }}
+          />
           {incident.is_confirmed && (
-
             <Button
               color="orange"
               size="xs"
@@ -227,7 +236,9 @@ export default function IncidentInformation({ incident }: Props) {
           />
         </div>
         <div className="prose-2xl flex gap-2 items-center">
-          <Badge color={severityColor} className="capitalize">{incident.severity}</Badge>
+          <Badge color={severityColor} className="capitalize">
+            {incident.severity}
+          </Badge>
           <span>
             {incident.user_generated_name || incident.ai_generated_name}
           </span>
@@ -235,7 +246,10 @@ export default function IncidentInformation({ incident }: Props) {
         <div>
           <h3 className="text-gray-500 text-sm">Status</h3>
           <div>
-            <div onClick={(e) => handleChangeStatus(e, incident)} className="capitalize flex-grow-0 inline-flex items-center cursor-pointer">
+            <div
+              onClick={(e) => handleChangeStatus(e, incident)}
+              className="capitalize flex-grow-0 inline-flex items-center cursor-pointer"
+            >
               {STATUS_ICONS[incident.status]} {incident.status}
             </div>
           </div>
@@ -252,37 +266,75 @@ export default function IncidentInformation({ incident }: Props) {
         </div>
         <div>
           <h3 className="text-gray-500 text-sm">Assignee</h3>
-          {incident.assignee ? <p>{incident.assignee}</p> : <p>No assignee yet</p>}
+          {incident.assignee ? (
+            <p>{incident.assignee}</p>
+          ) : (
+            <p>No assignee yet</p>
+          )}
         </div>
         <div>
-            <div className="flex flex-row gap-4">
-              <div>          
-                <h3 className="text-gray-500 text-sm">Same incident in the past</h3>
-                  {same_incident_in_the_past ? 
-                  <p><a className="text-orange-500" href={'/incidents/' + same_incident_in_the_past.id}>{same_incident_in_the_past.user_generated_name || same_incident_in_the_past.ai_generated_name}</a> (<a href="#" onClick={(e) => handleChangeSameIncidentInThePast(e, incident)} className="cursor-pointer text-orange-500">edit</a>)</p> : 
-                  <p>No linked incidents. Link same incident from the past to help the AI classifier. 🤔(<a onClick={(e) => handleChangeSameIncidentInThePast(e, incident)} className="cursor-pointer text-orange-500">link</a>)</p>}
-              </div>
-              <div>
-
-              </div>
+          <div className="flex flex-row gap-4">
+            <div>
+              <h3 className="text-gray-500 text-sm">
+                Same incident in the past
+              </h3>
+              {same_incident_in_the_past ? (
+                <p>
+                  <a
+                    className="text-orange-500"
+                    href={"/incidents/" + same_incident_in_the_past.id}
+                  >
+                    {same_incident_in_the_past.user_generated_name ||
+                      same_incident_in_the_past.ai_generated_name}
+                  </a>{" "}
+                  (
+                  <a
+                    href="#"
+                    onClick={(e) =>
+                      handleChangeSameIncidentInThePast(e, incident)
+                    }
+                    className="cursor-pointer text-orange-500"
+                  >
+                    edit
+                  </a>
+                  )
+                </p>
+              ) : (
+                <p>
+                  No linked incidents. Link same incident from the past to help
+                  the AI classifier. 🤔 (
+                  <a
+                    onClick={(e) =>
+                      handleChangeSameIncidentInThePast(e, incident)
+                    }
+                    className="cursor-pointer text-orange-500"
+                  >
+                    click to link
+                  </a>
+                  )
+                </p>
+              )}
             </div>
-              {same_incidents_in_the_future && same_incidents_in_the_future.items.length > 0 && (
-                <div>
-                  <h3 className="text-gray-500 text-sm">Following Incidents</h3>
-                  <ul>
-                    {same_incidents_in_the_future.items.map((item) => (
+            <div></div>
+          </div>
+          {same_incidents_in_the_future &&
+            same_incidents_in_the_future.items.length > 0 && (
+              <div>
+                <h3 className="text-gray-500 text-sm">Following Incidents</h3>
+                <ul>
+                  {same_incidents_in_the_future.items.map((item) => (
                     <li key={item.id}>
                       <FollowingIncident incidentId={item.id} />
                     </li>
-                    ))}
-                  </ul>
-                </div>
-              )}
+                  ))}
+                </ul>
+              </div>
+            )}
         </div>
         <div className="flex gap-4">
           {!!incident.start_time && (
             <div>
-              <h3 className="text-gray-500 text-sm">Started at</h3> 
+              <h3 className="text-gray-500 text-sm">Started at</h3>
               <p className="">
                 {format(new Date(incident.start_time), formatString)}
               </p>
@@ -316,18 +368,20 @@ export default function IncidentInformation({ incident }: Props) {
         />
       </Modal>
 
-      {changeSameIncidentInThePast ? <Modal
-        isOpen={changeSameIncidentInThePast !== null}
-        onClose={() => setChangeSameIncidentInThePast(null)}
-        title="Link to the same incident in the past"
-        className="w-[600px]"
-      >
-        <ChangeSameIncidentInThePast
-          incident={changeSameIncidentInThePast}
-          mutate={mutate}
-          handleClose={() => setChangeSameIncidentInThePast(null)}
-        />
-        </Modal> : null}
+      {changeSameIncidentInThePast ? (
+        <Modal
+          isOpen={changeSameIncidentInThePast !== null}
+          onClose={() => setChangeSameIncidentInThePast(null)}
+          title="Link to the same incident in the past"
+          className="w-[600px]"
+        >
+          <ChangeSameIncidentInThePast
+            incident={changeSameIncidentInThePast}
+            mutate={mutate}
+            handleClose={() => setChangeSameIncidentInThePast(null)}
+          />
+        </Modal>
+      ) : null}
 
       <IncidentChangeStatusModal
         incident={changeStatusIncident}
diff --git a/keep-ui/app/incidents/[id]/incident.tsx b/keep-ui/app/incidents/[id]/incident.tsx
index b8cfd78c7..a83360b73 100644
--- a/keep-ui/app/incidents/[id]/incident.tsx
+++ b/keep-ui/app/incidents/[id]/incident.tsx
@@ -13,7 +13,6 @@ import {
   Title,
 } from "@tremor/react";
 import IncidentAlerts from "./incident-alerts";
-import { useRouter } from "next/navigation";
 import IncidentTimeline from "./incident-timeline";
 import { CiBellOn, CiChat2, CiViewTimeline } from "react-icons/ci";
 import { IoIosGitNetwork } from "react-icons/io";
@@ -23,6 +22,8 @@ import IncidentWorkflowTable from "./incident-workflow-table";
 import { TopologyMap } from "@/app/topology/ui/map";
 import { TopologySearchProvider } from "@/app/topology/TopologySearchContext";
 import { useState } from "react";
+import { FiActivity } from "react-icons/fi";
+import IncidentActivity from "./incident-activity";
 
 interface Props {
   incidentId: string;
@@ -33,8 +34,6 @@ export default function IncidentView({ incidentId }: Props) {
   const { data: incident, isLoading, error } = useIncident(incidentId);
   const [index, setIndex] = useState(0);
 
-  const router = useRouter();
-
   if (isLoading || !incident) return <Loading />;
   if (error) return <Title>Incident does not exist.</Title>;
 
@@ -56,6 +55,15 @@ export default function IncidentView({ incidentId }: Props) {
             color="orange"
             className="sticky xl:-top-10 -top-4 bg-white z-10"
           >
+            <Tab icon={FiActivity}>
+              Activity
+              <Badge
+                color="green"
+                className="ml-1.5 text-xs px-1 py-0.5 -my-0.5 pointer-events-none"
+              >
+                New
+              </Badge>
+            </Tab>
             <Tab icon={CiBellOn}>Alerts</Tab>
             <Tab icon={CiViewTimeline}>Timeline</Tab>
             <Tab icon={IoIosGitNetwork}>Topology</Tab>
@@ -71,13 +79,16 @@ export default function IncidentView({ incidentId }: Props) {
             </Tab>
           </TabList>
           <TabPanels>
+            <TabPanel className="pt-3 max-h-[calc(100vh-37rem)] overflow-y-scroll">
+              <IncidentActivity incident={incident} />
+            </TabPanel>
             <TabPanel>
               <IncidentAlerts incident={incident} />
             </TabPanel>
             <TabPanel>
               <IncidentTimeline incident={incident} />
             </TabPanel>
-            <TabPanel className="pt-3 h-[calc(100vh-28rem)]">
+            <TabPanel className="pt-3 h-[calc(100vh-37rem)]">
               <TopologySearchProvider>
                 <TopologyMap
                   services={incident.services}
diff --git a/keep-ui/app/settings/auth/users-table.tsx b/keep-ui/app/settings/auth/users-table.tsx
index 04334c196..5859402b6 100644
--- a/keep-ui/app/settings/auth/users-table.tsx
+++ b/keep-ui/app/settings/auth/users-table.tsx
@@ -1,4 +1,4 @@
-import React from 'react';
+import React from "react";
 import {
   Table,
   TableBody,
@@ -13,8 +13,8 @@ import {
 import Image from "next/image";
 import { TrashIcon } from "@heroicons/react/24/outline";
 import { AuthenticationType } from "utils/authenticationType";
-import { getInitials } from "components/navbar/UserInfo";
 import { User } from "app/settings/models";
+import { getInitials } from "@/components/navbar/UserAvatar";
 
 interface UsersTableProps {
   users: User[];
@@ -33,7 +33,7 @@ export function UsersTable({
   onRowClick,
   onDeleteUser,
   isDisabled = false,
-  groupsAllowed = true
+  groupsAllowed = true,
 }: UsersTableProps) {
   return (
     <Table>
@@ -41,13 +41,16 @@ export function UsersTable({
         <TableRow>
           <TableHeaderCell className="w-1/24">{/** Image */}</TableHeaderCell>
           <TableHeaderCell className="w-3/12">
-            {authType === AuthenticationType.AUTH0 || authType === AuthenticationType.KEYCLOAK
+            {authType === AuthenticationType.AUTH0 ||
+            authType === AuthenticationType.KEYCLOAK
               ? "Email"
               : "Username"}
           </TableHeaderCell>
           <TableHeaderCell className="w-2/12">Name</TableHeaderCell>
           <TableHeaderCell className="w-1/12">Role</TableHeaderCell>
-          {groupsAllowed && <TableHeaderCell className="w-3/12">Groups</TableHeaderCell>}
+          {groupsAllowed && (
+            <TableHeaderCell className="w-3/12">Groups</TableHeaderCell>
+          )}
           <TableHeaderCell className="w-2/12">Last Login</TableHeaderCell>
           <TableHeaderCell className="w-1/12"></TableHeaderCell>
         </TableRow>
@@ -84,9 +87,7 @@ export function UsersTable({
               <div className="flex items-center justify-between">
                 <Text className="truncate">{user.email}</Text>
                 <div className="ml-2">
-                  {user.ldap && (
-                    <Badge color="orange">LDAP</Badge>
-                  )}
+                  {user.ldap && <Badge color="orange">LDAP</Badge>}
                 </div>
               </div>
             </TableCell>
@@ -119,7 +120,11 @@ export function UsersTable({
               </TableCell>
             )}
             <TableCell className="w-2/12">
-              <Text>{user.last_login ? new Date(user.last_login).toLocaleString() : "Never"}</Text>
+              <Text>
+                {user.last_login
+                  ? new Date(user.last_login).toLocaleString()
+                  : "Never"}
+              </Text>
             </TableCell>
             <TableCell className="w-1/12">
               {!isDisabled && user.email !== currentUserEmail && !user.ldap && (
diff --git a/keep-ui/app/topology/model/useTopology.ts b/keep-ui/app/topology/model/useTopology.ts
index e31bad4b0..ee57a78ae 100644
--- a/keep-ui/app/topology/model/useTopology.ts
+++ b/keep-ui/app/topology/model/useTopology.ts
@@ -1,6 +1,6 @@
 import { TopologyService } from "@/app/topology/model/models";
 import { useSession } from "next-auth/react";
-import useSWR from "swr";
+import useSWR, { SWRConfiguration } from "swr";
 import { getApiURL } from "@/utils/apiUrl";
 import { fetcher } from "@/utils/fetcher";
 import { useEffect } from "react";
@@ -14,15 +14,23 @@ type UseTopologyOptions = {
   services?: string[];
   environment?: string;
   initialData?: TopologyService[];
+  options?: SWRConfiguration;
 };
 
 // TODO: ensure that hook is memoized so could be used multiple times in the tree without rerenders
-export const useTopology = ({
-  providerIds,
-  services,
-  environment,
-  initialData: fallbackData,
-}: UseTopologyOptions = {}) => {
+export const useTopology = (
+  {
+    providerIds,
+    services,
+    environment,
+    initialData: fallbackData,
+    options,
+  }: UseTopologyOptions = {
+    options: {
+      revalidateOnFocus: false,
+    },
+  }
+) => {
   const { data: session } = useSession();
   const pollTopology = useTopologyPollingContext();
 
@@ -35,6 +43,7 @@ export const useTopology = ({
     (url: string) => fetcher(url, session!.accessToken),
     {
       fallbackData,
+      ...options,
     }
   );
 
diff --git a/keep-ui/app/topology/model/useTopologyApplications.ts b/keep-ui/app/topology/model/useTopologyApplications.ts
index 524a4b79c..93da4e5f8 100644
--- a/keep-ui/app/topology/model/useTopologyApplications.ts
+++ b/keep-ui/app/topology/model/useTopologyApplications.ts
@@ -1,6 +1,6 @@
 import { TopologyApplication } from "./models";
 import { getApiURL } from "@/utils/apiUrl";
-import useSWR from "swr";
+import useSWR, { SWRConfiguration } from "swr";
 import { fetcher } from "@/utils/fetcher";
 import { useSession } from "next-auth/react";
 import { useCallback, useMemo } from "react";
@@ -9,11 +9,16 @@ import { useRevalidateMultiple } from "@/utils/state";
 
 type UseTopologyApplicationsOptions = {
   initialData?: TopologyApplication[];
+  options?: SWRConfiguration;
 };
 
-export function useTopologyApplications({
-  initialData,
-}: UseTopologyApplicationsOptions = {}) {
+export function useTopologyApplications(
+  { initialData, options }: UseTopologyApplicationsOptions = {
+    options: {
+      revalidateOnFocus: false,
+    },
+  }
+) {
   const apiUrl = getApiURL();
   const { data: session } = useSession();
   const revalidateMultiple = useRevalidateMultiple();
@@ -24,6 +29,7 @@ export function useTopologyApplications({
     (url: string) => fetcher(url, session!.accessToken),
     {
       fallbackData: initialData,
+      ...options,
     }
   );
 
diff --git a/keep-ui/components/navbar/UserAvatar.tsx b/keep-ui/components/navbar/UserAvatar.tsx
new file mode 100644
index 000000000..d90300363
--- /dev/null
+++ b/keep-ui/components/navbar/UserAvatar.tsx
@@ -0,0 +1,29 @@
+import Image from "next/image";
+
+interface Props {
+  image: string | null | undefined;
+  name: string;
+}
+
+export const getInitials = (name: string) =>
+  ((name.match(/(^\S\S?|\b\S)?/g) ?? []).join("").match(/(^\S|\S$)?/g) ?? [])
+    .join("")
+    .toUpperCase();
+
+export default function UserAvatar({ image, name }: Props) {
+  return image ? (
+    <Image
+      className="rounded-full w-7 h-7 inline"
+      src={image}
+      alt="user avatar"
+      width={28}
+      height={28}
+    />
+  ) : (
+    <span className="relative inline-flex items-center justify-center w-7 h-7 overflow-hidden bg-orange-400 rounded-full dark:bg-gray-600">
+      <span className="font-medium text-white text-xs">
+        {getInitials(name)}
+      </span>
+    </span>
+  );
+}
diff --git a/keep-ui/components/navbar/UserInfo.tsx b/keep-ui/components/navbar/UserInfo.tsx
index 0af88c1f2..e848579a3 100644
--- a/keep-ui/components/navbar/UserInfo.tsx
+++ b/keep-ui/components/navbar/UserInfo.tsx
@@ -14,11 +14,7 @@ import { VscDebugDisconnect } from "react-icons/vsc";
 import DarkModeToggle from "app/dark-mode-toggle";
 import { useFloating } from "@floating-ui/react";
 import { Icon, Subtitle } from "@tremor/react";
-
-export const getInitials = (name: string) =>
-  ((name.match(/(^\S\S?|\b\S)?/g) ?? []).join("").match(/(^\S|\S$)?/g) ?? [])
-    .join("")
-    .toUpperCase();
+import UserAvatar from "./UserAvatar";
 
 type UserDropdownProps = {
   session: Session;
@@ -38,21 +34,7 @@ const UserDropdown = ({ session }: UserDropdownProps) => {
     <Menu as="li" ref={refs.setReference}>
       <Menu.Button className="flex items-center justify-between w-full text-sm pl-2.5 pr-2 py-1 text-gray-700 hover:bg-stone-200/50 font-medium rounded-lg hover:text-orange-400 focus:ring focus:ring-orange-300 group capitalize">
         <span className="space-x-3 flex items-center w-full">
-          {image ? (
-            <Image
-              className="rounded-full w-7 h-7 inline"
-              src={image}
-              alt="user avatar"
-              width={28}
-              height={28}
-            />
-          ) : (
-            <span className="relative inline-flex items-center justify-center w-7 h-7 overflow-hidden bg-orange-400 rounded-full dark:bg-gray-600">
-              <span className="font-medium text-white text-xs">
-                {getInitials(name ?? email)}
-              </span>
-            </span>
-          )}{" "}
+          <UserAvatar image={image} name={name ?? email} />{" "}
           <Subtitle className="truncate">{name ?? email}</Subtitle>
         </span>
 
diff --git a/keep-ui/utils/hooks/useAlerts.ts b/keep-ui/utils/hooks/useAlerts.ts
index fb2e86dbd..8b0686b62 100644
--- a/keep-ui/utils/hooks/useAlerts.ts
+++ b/keep-ui/utils/hooks/useAlerts.ts
@@ -90,7 +90,10 @@ export const useAlerts = () => {
 
   const useMultipleFingerprintsAlertAudit = (
     fingerprints: string[] | undefined,
-    options: SWRConfiguration = { revalidateOnFocus: true }
+    options: SWRConfiguration = {
+      revalidateOnFocus: true,
+      revalidateOnMount: false,
+    }
   ) => {
     return useSWR<AuditEvent[]>(
       () =>
@@ -112,7 +115,9 @@ export const useAlerts = () => {
 
   const useAlertAudit = (
     fingerprint: string,
-    options: SWRConfiguration = { revalidateOnFocus: false }
+    options: SWRConfiguration = {
+      revalidateOnFocus: false,
+    }
   ) => {
     return useSWR<AuditEvent[]>(
       () =>
diff --git a/keep-ui/utils/hooks/useDashboards.ts b/keep-ui/utils/hooks/useDashboards.ts
index a796afad4..de61bd967 100644
--- a/keep-ui/utils/hooks/useDashboards.ts
+++ b/keep-ui/utils/hooks/useDashboards.ts
@@ -15,7 +15,10 @@ export const useDashboards = () => {
 
   const { data, error, mutate } = useSWR<Dashboard[]>(
     session ? `${apiUrl}/dashboard` : null,
-    (url: string) => fetcher(url, session!.accessToken)
+    (url: string) => fetcher(url, session!.accessToken),
+    {
+      revalidateOnFocus: false,
+    }
   );
 
   return {
diff --git a/keep-ui/utils/hooks/useIncidents.ts b/keep-ui/utils/hooks/useIncidents.ts
index c9ba9d4f6..9e94c6386 100644
--- a/keep-ui/utils/hooks/useIncidents.ts
+++ b/keep-ui/utils/hooks/useIncidents.ts
@@ -2,7 +2,7 @@ import {
   IncidentDto,
   IncidentsMetaDto,
   PaginatedIncidentAlertsDto,
-  PaginatedIncidentsDto
+  PaginatedIncidentsDto,
 } from "../../app/incidents/models";
 import { PaginatedWorkflowExecutionDto } from "app/workflows/builder/types";
 import { useSession } from "next-auth/react";
@@ -11,17 +11,18 @@ import { getApiURL } from "utils/apiUrl";
 import { fetcher } from "utils/fetcher";
 import { useWebsocket } from "./usePusher";
 import { useCallback, useEffect } from "react";
+import { useAlerts } from "./useAlerts";
 
 interface IncidentUpdatePayload {
   incident_id: string | null;
 }
 
 interface Filters {
-  status: string[],
-  severity: string[],
-  assignees: string[]
-  sources: string[],
-  affected_services: string[],
+  status: string[];
+  severity: string[];
+  assignees: string[];
+  sources: string[];
+  affected_services: string[];
 }
 
 export const useIncidents = (
@@ -32,7 +33,7 @@ export const useIncidents = (
   filters: Filters | {} = {},
   options: SWRConfiguration = {
     revalidateOnFocus: false,
-  },
+  }
 ) => {
   const apiUrl = getApiURL();
   const { data: session } = useSession();
@@ -44,7 +45,7 @@ export const useIncidents = (
       filtersParams.delete(key as string);
     } else {
       value.forEach((s: string) => {
-        filtersParams.append(key, s)
+        filtersParams.append(key, s);
       });
     }
   });
@@ -91,7 +92,8 @@ export const useIncidentFutureIncidents = (
   const { data: session } = useSession();
 
   return useSWR<PaginatedIncidentsDto>(
-    () => (session ? `${apiUrl}/incidents/${incidentId}/future_incidents` : null),
+    () =>
+      session ? `${apiUrl}/incidents/${incidentId}/future_incidents` : null,
     (url) => fetcher(url, session?.accessToken),
     options
   );
@@ -133,6 +135,24 @@ export const useIncidentWorkflowExecutions = (
   );
 };
 
+export const usePollIncidentComments = (incidentId: string) => {
+  const { bind, unbind } = useWebsocket();
+  const { useAlertAudit } = useAlerts();
+  const { mutate: mutateIncidentActivity } = useAlertAudit(incidentId);
+  const handleIncoming = useCallback(
+    (data: IncidentUpdatePayload) => {
+      mutateIncidentActivity();
+    },
+    [mutateIncidentActivity]
+  );
+  useEffect(() => {
+    bind("incident-comment", handleIncoming);
+    return () => {
+      unbind("incident-comment", handleIncoming);
+    };
+  }, [bind, unbind, handleIncoming]);
+};
+
 export const usePollIncidentAlerts = (incidentId: string) => {
   const { bind, unbind } = useWebsocket();
   const { mutate } = useIncidentAlerts(incidentId);
@@ -167,7 +187,6 @@ export const usePollIncidents = (mutateIncidents: any) => {
   }, [bind, unbind, handleIncoming]);
 };
 
-
 export const useIncidentsMeta = (
   options: SWRConfiguration = {
     revalidateOnFocus: false,
@@ -181,4 +200,4 @@ export const useIncidentsMeta = (
     (url) => fetcher(url, session?.accessToken),
     options
   );
-};
\ No newline at end of file
+};
diff --git a/keep-ui/utils/hooks/useWorkflowExecutions.ts b/keep-ui/utils/hooks/useWorkflowExecutions.ts
index 19647af95..2414ce3c6 100644
--- a/keep-ui/utils/hooks/useWorkflowExecutions.ts
+++ b/keep-ui/utils/hooks/useWorkflowExecutions.ts
@@ -9,7 +9,11 @@ import useSWR, { SWRConfiguration } from "swr";
 import { getApiURL } from "utils/apiUrl";
 import { fetcher } from "utils/fetcher";
 
-export const useWorkflowExecutions = (options?: SWRConfiguration) => {
+export const useWorkflowExecutions = (
+  options: SWRConfiguration = {
+    revalidateOnFocus: false,
+  }
+) => {
   const apiUrl = getApiURL();
   const { data: session } = useSession();
 
diff --git a/keep/api/core/db.py b/keep/api/core/db.py
index fdb6b30bb..0d1c0e3c5 100644
--- a/keep/api/core/db.py
+++ b/keep/api/core/db.py
@@ -12,7 +12,7 @@
 from collections import defaultdict
 from contextlib import contextmanager
 from datetime import datetime, timedelta, timezone
-from typing import Any, Dict, List, Tuple, Union, Callable
+from typing import Any, Callable, Dict, List, Tuple, Union
 from uuid import uuid4
 
 import numpy as np
@@ -25,13 +25,13 @@
 from sqlalchemy.dialects.sqlite import insert as sqlite_insert
 from sqlalchemy.exc import IntegrityError, OperationalError
 from sqlalchemy.orm import joinedload, selectinload, subqueryload
-from sqlalchemy.sql import expression, exists
+from sqlalchemy.sql import exists, expression
 from sqlmodel import Session, col, or_, select, text
 
 from keep.api.core.db_utils import create_db_engine, get_json_extract_field
 
 # This import is required to create the tables
-from keep.api.models.alert import IncidentDtoIn, IncidentSorting, AlertStatus
+from keep.api.models.alert import AlertStatus, IncidentDtoIn, IncidentSorting
 from keep.api.models.db.action import Action
 from keep.api.models.db.alert import *  # pylint: disable=unused-wildcard-import
 from keep.api.models.db.dashboard import *  # pylint: disable=unused-wildcard-import
@@ -62,9 +62,10 @@
     "severity",
     "sources",
     "affected_services",
-    "assignee"
+    "assignee",
 ]
 
+
 @contextmanager
 def existed_or_new_session(session: Optional[Session] = None) -> Session:
     if session:
@@ -810,6 +811,27 @@ def get_last_workflow_executions(tenant_id: str, limit=20):
         return execution_with_logs
 
 
+def add_audit(
+    tenant_id: str,
+    fingerprint: str,
+    user_id: str,
+    action: AlertActionType,
+    description: str,
+) -> AlertAudit:
+    with Session(engine) as session:
+        audit = AlertAudit(
+            tenant_id=tenant_id,
+            fingerprint=fingerprint,
+            user_id=user_id,
+            action=action.value,
+            description=description,
+        )
+        session.add(audit)
+        session.commit()
+        session.refresh(audit)
+    return audit
+
+
 def _enrich_alert(
     session,
     tenant_id,
@@ -1504,7 +1526,7 @@ def create_rule(
     grouping_criteria=None,
     group_description=None,
     require_approve=False,
-    resolve_on=ResolveOn.NEVER.value
+    resolve_on=ResolveOn.NEVER.value,
 ):
     grouping_criteria = grouping_criteria or []
     with Session(engine) as session:
@@ -2373,13 +2395,12 @@ def update_preset_options(tenant_id: str, preset_id: str, options: dict) -> Pres
 
 
 def assign_alert_to_incident(
-        alert_id: UUID | str,
-        incident: Incident,
-        tenant_id: str,
-        session: Optional[Session]=None):
-    return add_alerts_to_incident(
-        tenant_id, incident, [alert_id], session=session
-    )
+    alert_id: UUID | str,
+    incident: Incident,
+    tenant_id: str,
+    session: Optional[Session] = None,
+):
+    return add_alerts_to_incident(tenant_id, incident, [alert_id], session=session)
 
 
 def is_alert_assigned_to_incident(
@@ -2506,21 +2527,26 @@ def get_incidents_meta_for_tenant(tenant_id: str) -> dict:
         if session.bind.dialect.name == "sqlite":
 
             sources_join = func.json_each(Incident.sources).table_valued("value")
-            affected_services_join = func.json_each(Incident.affected_services).table_valued("value")
+            affected_services_join = func.json_each(
+                Incident.affected_services
+            ).table_valued("value")
 
             query = (
                 select(
-                    func.json_group_array(col(Incident.assignee).distinct()).label("assignees"),
-                    func.json_group_array(sources_join.c.value.distinct()).label("sources"),
-                    func.json_group_array(affected_services_join.c.value.distinct()).label("affected_services"),
+                    func.json_group_array(col(Incident.assignee).distinct()).label(
+                        "assignees"
+                    ),
+                    func.json_group_array(sources_join.c.value.distinct()).label(
+                        "sources"
+                    ),
+                    func.json_group_array(
+                        affected_services_join.c.value.distinct()
+                    ).label("affected_services"),
                 )
                 .select_from(Incident)
                 .outerjoin(sources_join, True)
                 .outerjoin(affected_services_join, True)
-                .filter(
-                    Incident.tenant_id == tenant_id,
-                    Incident.is_confirmed == True
-                )
+                .filter(Incident.tenant_id == tenant_id, Incident.is_confirmed == True)
             )
             results = session.exec(query).one_or_none()
 
@@ -2535,22 +2561,27 @@ def get_incidents_meta_for_tenant(tenant_id: str) -> dict:
 
         elif session.bind.dialect.name == "mysql":
 
-            sources_join = func.json_table(Incident.sources, Column('value', String(127))).table_valued("value")
-            affected_services_join = func.json_table(Incident.affected_services, Column('value', String(127))).table_valued("value")
+            sources_join = func.json_table(
+                Incident.sources, Column("value", String(127))
+            ).table_valued("value")
+            affected_services_join = func.json_table(
+                Incident.affected_services, Column("value", String(127))
+            ).table_valued("value")
 
             query = (
                 select(
-                    func.group_concat(col(Incident.assignee).distinct()).label("assignees"),
+                    func.group_concat(col(Incident.assignee).distinct()).label(
+                        "assignees"
+                    ),
                     func.group_concat(sources_join.c.value.distinct()).label("sources"),
-                    func.group_concat(affected_services_join.c.value.distinct()).label("affected_services"),
+                    func.group_concat(affected_services_join.c.value.distinct()).label(
+                        "affected_services"
+                    ),
                 )
                 .select_from(Incident)
                 .outerjoin(sources_join, True)
                 .outerjoin(affected_services_join, True)
-                .filter(
-                    Incident.tenant_id == tenant_id,
-                    Incident.is_confirmed == True
-                )
+                .filter(Incident.tenant_id == tenant_id, Incident.is_confirmed == True)
             )
 
             results = session.exec(query).one_or_none()
@@ -2561,26 +2592,33 @@ def get_incidents_meta_for_tenant(tenant_id: str) -> dict:
             return {
                 "assignees": results.assignees.split(",") if results.assignees else [],
                 "sources": results.sources.split(",") if results.sources else [],
-                "services": results.affected_services.split(",") if results.affected_services else [],
+                "services": (
+                    results.affected_services.split(",")
+                    if results.affected_services
+                    else []
+                ),
             }
         elif session.bind.dialect.name == "postgresql":
 
-            sources_join = func.json_array_elements_text(Incident.sources).table_valued("value")
-            affected_services_join = func.json_array_elements_text(Incident.affected_services).table_valued("value")
+            sources_join = func.json_array_elements_text(Incident.sources).table_valued(
+                "value"
+            )
+            affected_services_join = func.json_array_elements_text(
+                Incident.affected_services
+            ).table_valued("value")
 
             query = (
                 select(
                     func.json_agg(col(Incident.assignee).distinct()).label("assignees"),
                     func.json_agg(sources_join.c.value.distinct()).label("sources"),
-                    func.json_agg(affected_services_join.c.value.distinct()).label("affected_services"),
+                    func.json_agg(affected_services_join.c.value.distinct()).label(
+                        "affected_services"
+                    ),
                 )
                 .select_from(Incident)
                 .outerjoin(sources_join, True)
                 .outerjoin(affected_services_join, True)
-                .filter(
-                    Incident.tenant_id == tenant_id,
-                    Incident.is_confirmed == True
-                )
+                .filter(Incident.tenant_id == tenant_id, Incident.is_confirmed == True)
             )
 
             results = session.exec(query).one_or_none()
@@ -2594,6 +2632,7 @@ def get_incidents_meta_for_tenant(tenant_id: str) -> dict:
             }
         return {}
 
+
 def apply_incident_filters(session: Session, filters: dict, query):
     for field_name, value in filters.items():
         if field_name in ALLOWED_INCIDENT_FILTERS:
@@ -2609,31 +2648,22 @@ def apply_incident_filters(session: Session, filters: dict, query):
             else:
                 field = getattr(Incident, field_name)
                 if isinstance(value, list):
-                    query = query.filter(
-                        col(field).in_(value)
-                    )
+                    query = query.filter(col(field).in_(value))
                 else:
-                    query = query.filter(
-                        col(field) == value
-                    )
+                    query = query.filter(col(field) == value)
     return query
 
+
 def filter_query(session: Session, query, field, value):
     if session.bind.dialect.name in ["mysql", "postgresql"]:
         if isinstance(value, list):
             if session.bind.dialect.name == "mysql":
-                query = query.filter(
-                    func.json_overlaps(field, func.json_array(value))
-                )
+                query = query.filter(func.json_overlaps(field, func.json_array(value)))
             else:
-                query = query.filter(
-                    col(field).op('?|')(func.array(value))
-                )
+                query = query.filter(col(field).op("?|")(func.array(value)))
 
         else:
-            query = query.filter(
-                func.json_contains(field, value)
-            )
+            query = query.filter(func.json_contains(field, value))
 
     elif session.bind.dialect.name == "sqlite":
         json_each_alias = func.json_each(field).table_valued("value")
@@ -2646,6 +2676,7 @@ def filter_query(session: Session, query, field, value):
         query = query.filter(subquery.exists())
     return query
 
+
 def get_last_incidents(
     tenant_id: str,
     limit: int = 25,
@@ -2778,7 +2809,9 @@ def update_incident_from_dto_by_id(
 
         incident.user_generated_name = updated_incident_dto.user_generated_name
         incident.assignee = updated_incident_dto.assignee
-        incident.same_incident_in_the_past_id = updated_incident_dto.same_incident_in_the_past_id
+        incident.same_incident_in_the_past_id = (
+            updated_incident_dto.same_incident_in_the_past_id
+        )
 
         if generated_by_ai:
             incident.generated_summary = updated_incident_dto.user_summary
@@ -2868,7 +2901,6 @@ def get_incident_alerts_and_links_by_incident_id(
 
     return query.all(), total_count
 
-
 def get_incident_alerts_by_incident_id(*args, **kwargs) -> tuple[List[Alert], int]:
     """
     Unpacking (List[(Alert, AlertToIncident)], int) to (List[Alert], int).
@@ -2884,12 +2916,10 @@ def get_future_incidents_by_incident_id(
     offset: Optional[int] = None,
 ) -> tuple[List[Incident], int]:
     with Session(engine) as session:
-        query = (
-            session.query(
-                Incident,
-            ).filter(Incident.same_incident_in_the_past_id == incident_id)
-        )
-        
+        query = session.query(
+            Incident,
+        ).filter(Incident.same_incident_in_the_past_id == incident_id)
+
         if limit:
             query = query.limit(limit)
         if offset:
@@ -3025,7 +3055,9 @@ def add_alerts_to_incident(
             if not new_alert_ids:
                 return incident
 
-            alerts_data_for_incident = get_alerts_data_for_incident(new_alert_ids, session)
+            alerts_data_for_incident = get_alerts_data_for_incident(
+                new_alert_ids, session
+            )
 
             incident.sources = list(
                 set(incident.sources if incident.sources else []) | set(alerts_data_for_incident["sources"])
@@ -3115,7 +3147,7 @@ def get_last_alerts_for_incidents(
 
 
 def remove_alerts_to_incident_by_incident_id(
-    tenant_id: str, incident_id:  str | UUID, alert_ids: List[UUID]
+    tenant_id: str, incident_id: str | UUID, alert_ids: List[UUID]
 ) -> Optional[int]:
     with Session(engine) as session:
         incident = session.exec(
@@ -3600,14 +3632,18 @@ def get_workflow_executions_for_incident_or_alert(
         results = session.execute(final_query).all()
         return results, total_count
 
-def is_all_incident_alerts_resolved(incident: Incident, session: Optional[Session] = None) -> bool:
 
+def is_all_incident_alerts_resolved(
+    incident: Incident, session: Optional[Session] = None
+) -> bool:
     if incident.alerts_count == 0:
         return False
 
     with existed_or_new_session(session) as session:
 
-        enriched_status_field = get_json_extract_field(session, AlertEnrichment.enrichments, "status")
+        enriched_status_field = get_json_extract_field(
+            session, AlertEnrichment.enrichments, "status"
+        )
         status_field = get_json_extract_field(session, Alert.event, "status")
 
         subquery = (
@@ -3616,7 +3652,9 @@ def is_all_incident_alerts_resolved(incident: Incident, session: Optional[Sessio
                 status_field.label("status"),
             )
             .select_from(Alert)
-            .outerjoin(AlertEnrichment, Alert.fingerprint == AlertEnrichment.alert_fingerprint)
+            .outerjoin(
+                AlertEnrichment, Alert.fingerprint == AlertEnrichment.alert_fingerprint
+            )
             .join(AlertToIncident, AlertToIncident.alert_id == Alert.id)
             .where(
                 AlertToIncident.deleted_at == NULL_FOR_DELETED_AT,
@@ -3638,8 +3676,8 @@ def is_all_incident_alerts_resolved(incident: Incident, session: Optional[Sessio
                         subquery.c.enriched_status != AlertStatus.RESOLVED.value,
                         and_(
                             subquery.c.enriched_status.is_(None),
-                            subquery.c.status != AlertStatus.RESOLVED.value
-                        )
+                            subquery.c.status != AlertStatus.RESOLVED.value,
+                        ),
                     )
                 )
             )
@@ -3648,46 +3686,52 @@ def is_all_incident_alerts_resolved(incident: Incident, session: Optional[Sessio
         return not not_resolved_exists
 
 
-def is_last_incident_alert_resolved(incident: Incident, session: Optional[Session] = None) -> bool:
+def is_last_incident_alert_resolved(
+    incident: Incident, session: Optional[Session] = None
+) -> bool:
     return is_edge_incident_alert_resolved(incident, func.max, session)
 
 
-def is_first_incident_alert_resolved(incident: Incident, session: Optional[Session] = None) -> bool:
+def is_first_incident_alert_resolved(
+    incident: Incident, session: Optional[Session] = None
+) -> bool:
     return is_edge_incident_alert_resolved(incident, func.min, session)
 
 
-def is_edge_incident_alert_resolved(incident: Incident, direction: Callable, session: Optional[Session] = None) -> bool:
+def is_edge_incident_alert_resolved(
+    incident: Incident, direction: Callable, session: Optional[Session] = None
+) -> bool:
 
     if incident.alerts_count == 0:
         return False
 
     with existed_or_new_session(session) as session:
 
-        enriched_status_field = get_json_extract_field(session, AlertEnrichment.enrichments, "status")
+        enriched_status_field = get_json_extract_field(
+            session, AlertEnrichment.enrichments, "status"
+        )
         status_field = get_json_extract_field(session, Alert.event, "status")
 
         finerprint, enriched_status, status = session.exec(
-            select(
-                Alert.fingerprint,
-                enriched_status_field,
-                status_field
-            )
+            select(Alert.fingerprint, enriched_status_field, status_field)
             .select_from(Alert)
-            .outerjoin(AlertEnrichment, Alert.fingerprint == AlertEnrichment.alert_fingerprint)
+            .outerjoin(
+                AlertEnrichment, Alert.fingerprint == AlertEnrichment.alert_fingerprint
+            )
             .join(AlertToIncident, AlertToIncident.alert_id == Alert.id)
             .where(
-                AlertToIncident.deleted_at == NULL_FOR_DELETED_AT,
                 AlertToIncident.incident_id == incident.id
             )
             .group_by(Alert.fingerprint)
             .having(func.max(Alert.timestamp))
             .order_by(direction(Alert.timestamp))
         ).first()
-
+        
         return (
             enriched_status == AlertStatus.RESOLVED.value or
             (enriched_status is None and status == AlertStatus.RESOLVED.value)
         )
+
 def get_alerts_metrics_by_provider(
     tenant_id: str,
     start_date: Optional[datetime] = None, 
diff --git a/keep/api/models/db/alert.py b/keep/api/models/db/alert.py
index 171c6f612..b46690734 100644
--- a/keep/api/models/db/alert.py
+++ b/keep/api/models/db/alert.py
@@ -1,8 +1,7 @@
 import enum
 import logging
-from typing import Optional
 from datetime import datetime
-from typing import List
+from typing import List, Optional
 from uuid import UUID, uuid4
 
 from sqlalchemy import ForeignKey, UniqueConstraint
@@ -143,14 +142,14 @@ class Incident(SQLModel, table=True):
         ),
     )
 
-    same_incident_in_the_past: Optional['Incident'] = Relationship(
+    same_incident_in_the_past: Optional["Incident"] = Relationship(
         back_populates="same_incidents_in_the_future",
         sa_relationship_kwargs=dict(
-            remote_side='Incident.id',
-        )
+            remote_side="Incident.id",
+        ),
     )
 
-    same_incidents_in_the_future: list['Incident'] = Relationship(
+    same_incidents_in_the_future: list["Incident"] = Relationship(
         back_populates="same_incident_in_the_past",
     )
 
@@ -388,3 +387,4 @@ class AlertActionType(enum.Enum):
     COMMENT = "a comment was added to the alert"
     UNCOMMENT = "a comment was removed from the alert"
     MAINTENANCE = "Alert is in maintenance window"
+    INCIDENT_COMMENT = "A comment was added to the incident"
diff --git a/keep/api/routes/incidents.py b/keep/api/routes/incidents.py
index 9160d9e62..bf2921bd8 100644
--- a/keep/api/routes/incidents.py
+++ b/keep/api/routes/incidents.py
@@ -6,13 +6,15 @@
 from datetime import datetime
 from typing import List
 
-from fastapi import APIRouter, Depends, HTTPException, Query, Response, Query
+from fastapi import APIRouter, Depends, HTTPException, Query, Response
 from pusher import Pusher
 from pydantic.types import UUID
 
 from keep.api.arq_pool import get_pool
 from keep.api.core.db import (
     add_alerts_to_incident_by_incident_id,
+    add_audit,
+    change_incident_status_by_id,
     confirm_predicted_incident_by_id,
     create_incident_from_dto,
     delete_incident_by_id,
@@ -21,27 +23,26 @@
     get_incident_alerts_and_links_by_incident_id,
     get_incident_by_id,
     get_incident_unique_fingerprint_count,
+    get_incidents_meta_for_tenant,
     get_last_incidents,
     get_workflow_executions_for_incident_or_alert,
     remove_alerts_to_incident_by_incident_id,
-    change_incident_status_by_id,
     update_incident_from_dto_by_id,
-    get_incidents_meta_for_tenant,
 )
 from keep.api.core.dependencies import get_pusher_client
 from keep.api.core.elastic import ElasticClient
 from keep.api.models.alert import (
     AlertDto,
+    EnrichAlertRequestBody,
     IncidentDto,
     IncidentDtoIn,
-    IncidentStatusChangeDto,
-    IncidentStatus,
-    EnrichAlertRequestBody,
-    IncidentSorting,
-    IncidentSeverity,
     IncidentListFilterParamsDto,
+    IncidentSeverity,
+    IncidentSorting,
+    IncidentStatus,
+    IncidentStatusChangeDto,
 )
-
+from keep.api.models.db.alert import AlertActionType, AlertAudit
 from keep.api.routes.alerts import _enrich_alert
 from keep.api.utils.enrichment_helpers import convert_db_alerts_to_dto_alerts
 from keep.api.utils.import_ee import mine_incidents_and_create_objects
@@ -193,7 +194,6 @@ def get_all_incidents(
     if affected_services:
         filters["affected_services"] = affected_services
 
-
     logger.info(
         "Fetching incidents from DB",
         extra={
@@ -437,7 +437,9 @@ def get_future_incidents_for_an_incident(
         offset=offset,
         incident_id=incident_id,
     )
-    future_incidents = [IncidentDto.from_db_incident(incident) for incident in db_incidents]
+    future_incidents = [
+        IncidentDto.from_db_incident(incident) for incident in db_incidents
+    ]
     logger.info(
         "Fetched future incidents from DB",
         extra={
@@ -524,7 +526,9 @@ async def add_alerts_to_incident(
                 limit=len(alert_ids) + incident.alerts_count,
             )
 
-            enriched_alerts_dto = convert_db_alerts_to_dto_alerts(db_alerts, with_incidents=True)
+            enriched_alerts_dto = convert_db_alerts_to_dto_alerts(
+                db_alerts, with_incidents=True
+            )
             logger.info(
                 "Fetched alerts from DB",
                 extra={
@@ -726,3 +730,36 @@ def change_incident_status(
     new_incident_dto = IncidentDto.from_db_incident(incident)
 
     return new_incident_dto
+
+
+@router.post("/{incident_id}/comment", description="Add incident audit activity")
+def add_comment(
+    incident_id: UUID,
+    change: IncidentStatusChangeDto,
+    authenticated_entity: AuthenticatedEntity = Depends(
+        IdentityManagerFactory.get_auth_verifier(["write:incident"])
+    ),
+    pusher_client: Pusher = Depends(get_pusher_client),
+) -> AlertAudit:
+    extra = {
+        "tenant_id": authenticated_entity.tenant_id,
+        "commenter": authenticated_entity.email,
+        "comment": change.comment,
+        "incident_id": str(incident_id),
+    }
+    logger.info("Adding comment to incident", extra=extra)
+    comment = add_audit(
+        authenticated_entity.tenant_id,
+        str(incident_id),
+        authenticated_entity.email,
+        AlertActionType.INCIDENT_COMMENT,
+        change.comment,
+    )
+
+    if pusher_client:
+        pusher_client.trigger(
+            f"private-{authenticated_entity.tenant_id}", "incident-comment", {}
+        )
+
+    logger.info("Added comment to incident", extra=extra)
+    return comment

From 14634a25ace58eceac315c5e891a48a9e0d4f695 Mon Sep 17 00:00:00 2001
From: Tal <tal@keephq.dev>
Date: Tue, 22 Oct 2024 11:55:31 +0300
Subject: [PATCH 2/2] feat: provider pulling enable/disable from UI (#2263)

---
 keep-ui/app/providers/provider-form.tsx       | 107 +++++++++++++++---
 keep-ui/app/providers/providers.tsx           |   3 +
 keep-ui/app/topology/ui/map/service-node.tsx  |   2 +-
 .../workflow-execution-table.tsx              |   2 -
 .../versions/2024-10-22-10-38_8438f041ee0e.py |  32 ++++++
 keep/api/models/db/provider.py                |   1 +
 keep/api/models/provider.py                   |   1 +
 keep/api/routes/preset.py                     |  22 ++--
 keep/api/routes/providers.py                  |   2 +
 keep/providers/providers_factory.py           |   1 +
 keep/providers/providers_service.py           |   5 +
 11 files changed, 151 insertions(+), 27 deletions(-)
 create mode 100644 keep/api/models/db/migrations/versions/2024-10-22-10-38_8438f041ee0e.py

diff --git a/keep-ui/app/providers/provider-form.tsx b/keep-ui/app/providers/provider-form.tsx
index 2db75e4e7..f907e6c08 100644
--- a/keep-ui/app/providers/provider-form.tsx
+++ b/keep-ui/app/providers/provider-form.tsx
@@ -51,6 +51,8 @@ import cookieCutter from "@boiseitguru/cookie-cutter";
 import { useSearchParams } from "next/navigation";
 import "./provider-form.css";
 import { useProviders } from "@/utils/hooks/useProviders";
+import TimeAgo from "react-timeago";
+import { toast } from "react-toastify";
 
 type ProviderFormProps = {
   provider: Provider;
@@ -156,6 +158,9 @@ const ProviderForm = ({
   };
   if (provider.can_setup_webhook) {
     initialData["install_webhook"] = provider.can_setup_webhook;
+    if (provider.pulling_enabled) {
+      initialData["pulling_enabled"] = true;
+    }
   }
   const [formValues, setFormValues] = useState<{
     [key: string]: string | boolean;
@@ -178,6 +183,9 @@ const ProviderForm = ({
 
     if (provider.can_setup_webhook) {
       initialValues["install_webhook"] = provider.can_setup_webhook;
+      if (provider.pulling_enabled) {
+        initialValues["pulling_enabled"] = provider.pulling_enabled;
+      }
     }
     return initialValues;
   });
@@ -342,6 +350,16 @@ const ProviderForm = ({
     }));
   };
 
+  const handlePullingEnabledChange = (
+    event: React.ChangeEvent<HTMLInputElement>
+  ) => {
+    const checked = event.target.checked;
+    setFormValues((prevValues) => ({
+      ...prevValues,
+      pulling_enabled: checked,
+    }));
+  };
+
   const validate = () => {
     const errors = validateForm(formValues);
     if (Object.keys(errors).length === 0) {
@@ -424,9 +442,13 @@ const ProviderForm = ({
       submit(`${getApiURL()}/providers/${provider.id}`, "PUT")
         .then((data) => {
           setIsLoading(false);
+          toast.success("Updated provider successfully", {
+            position: "top-left",
+          });
           mutate();
         })
         .catch((error) => {
+          toast.error("Failed to update provider", { position: "top-left" });
           const updatedFormErrors = error.toString();
           setFormErrors(updatedFormErrors);
           onFormChange(formValues, updatedFormErrors);
@@ -741,7 +763,12 @@ const ProviderForm = ({
             />
           </Link>
         </div>
-
+        {installedProvidersMode && provider.last_pull_time && (
+          <Subtitle>
+            Provider last pull time:{" "}
+            <TimeAgo date={provider.last_pull_time + "Z"} />
+          </Subtitle>
+        )}
         {provider.provisioned && (
           <div className="w-full mt-4">
             <Callout
@@ -902,6 +929,30 @@ const ProviderForm = ({
                       tooltip={`Whether to install Keep as a webhook integration in ${provider.type}. This allows Keep to asynchronously receive alerts from ${provider.type}. Please note that this will install a new integration in ${provider.type} and slightly modify your monitors/notification policy to include Keep.`}
                     />
                   </label>
+                  {
+                    // This is here because pulling is only enabled for providers we can get alerts from (e.g., support webhook)
+                  }
+                  <input
+                    type="checkbox"
+                    id="pulling_enabled"
+                    name="pulling_enabled"
+                    className="mr-2.5"
+                    onChange={handlePullingEnabledChange}
+                    checked={formValues["pulling_enabled"] || false}
+                  />
+                  <label
+                    htmlFor="pulling_enabled"
+                    className="flex items-center"
+                  >
+                    <Text className="capitalize">Pulling Enabled</Text>
+                    <Icon
+                      icon={QuestionMarkCircleIcon}
+                      variant="simple"
+                      color="gray"
+                      size="sm"
+                      tooltip={`Whether Keep should try to pull alerts automatically from the provider once in a while`}
+                    />
+                  </label>
                 </div>
                 {isLocalhost && (
                   <span className="text-sm">
@@ -929,21 +980,45 @@ const ProviderForm = ({
           </div>
 
           {provider.can_setup_webhook && installedProvidersMode && (
-            <Button
-              icon={GlobeAltIcon}
-              onClick={callInstallWebhook}
-              variant="secondary"
-              color="orange"
-              className="mt-2.5"
-              disabled={!installOrUpdateWebhookEnabled || provider.provisioned}
-              tooltip={
-                !installOrUpdateWebhookEnabled
-                  ? "Fix required webhook scopes and refresh scopes to enable"
-                  : "This uses server saved credentials. If needed, please use the `Update` button first"
-              }
-            >
-              Install/Update Webhook
-            </Button>
+            <>
+              <div className="flex">
+                <input
+                  type="checkbox"
+                  id="pulling_enabled"
+                  name="pulling_enabled"
+                  className="mr-2.5"
+                  onChange={handlePullingEnabledChange}
+                  checked={formValues["pulling_enabled"] || false}
+                />
+                <label htmlFor="pulling_enabled" className="flex items-center">
+                  <Text className="capitalize">Pulling Enabled</Text>
+                  <Icon
+                    icon={QuestionMarkCircleIcon}
+                    variant="simple"
+                    color="gray"
+                    size="sm"
+                    tooltip={`Whether Keep should try to pull alerts automatically from the provider once in a while`}
+                  />
+                </label>
+              </div>
+              <Button
+                icon={GlobeAltIcon}
+                onClick={callInstallWebhook}
+                variant="secondary"
+                color="orange"
+                className="mt-2.5"
+                disabled={
+                  !installOrUpdateWebhookEnabled || provider.provisioned
+                }
+                tooltip={
+                  !installOrUpdateWebhookEnabled
+                    ? "Fix required webhook scopes and refresh scopes to enable"
+                    : "This uses server saved credentials. If needed, please use the `Update` button first"
+                }
+              >
+                Install/Update Webhook
+              </Button>
+            </>
           )}
           {provider.supports_webhook && (
             <ProviderSemiAutomated
diff --git a/keep-ui/app/providers/providers.tsx b/keep-ui/app/providers/providers.tsx
index 403fde0c8..c3bcc9ae9 100644
--- a/keep-ui/app/providers/providers.tsx
+++ b/keep-ui/app/providers/providers.tsx
@@ -95,6 +95,8 @@ export interface Provider {
   validatedScopes: { [scopeName: string]: boolean | string };
   methods?: ProviderMethod[];
   tags: TProviderLabels[];
+  last_pull_time?: Date;
+  pulling_enabled: boolean;
   alertsDistribution?: AlertDistritbuionData[];
   alertExample?: { [key: string]: string };
   provisioned?: boolean;
@@ -115,4 +117,5 @@ export const defaultProvider: Provider = {
   type: "",
   tags: [],
   validatedScopes: {},
+  pulling_enabled: true,
 };
diff --git a/keep-ui/app/topology/ui/map/service-node.tsx b/keep-ui/app/topology/ui/map/service-node.tsx
index 123303945..a15c7e3c7 100644
--- a/keep-ui/app/topology/ui/map/service-node.tsx
+++ b/keep-ui/app/topology/ui/map/service-node.tsx
@@ -107,7 +107,7 @@ export function ServiceNode({ data, selected }: NodeProps<ServiceNodeType>) {
         onMouseEnter={() => setShowDetails(true)}
         onMouseLeave={() => setShowDetails(false)}
       >
-        <strong className="text-lg">{data.display_name ?? data.service}</strong>
+        <strong className="text-lg">{data.display_name || data.service}</strong>
         {alertCount > 0 && (
           <span
             className={`absolute top-[-20px] right-[-20px] mt-2 mr-2 px-2 py-1 text-white text-xs font-bold rounded-full ${badgeColor} hover:cursor-pointer`}
diff --git a/keep-ui/app/workflows/[workflow_id]/workflow-execution-table.tsx b/keep-ui/app/workflows/[workflow_id]/workflow-execution-table.tsx
index f1b9a225e..752daee02 100644
--- a/keep-ui/app/workflows/[workflow_id]/workflow-execution-table.tsx
+++ b/keep-ui/app/workflows/[workflow_id]/workflow-execution-table.tsx
@@ -14,8 +14,6 @@ import Image from "next/image";
 import {
   CheckCircleIcon,
   EllipsisHorizontalIcon,
-  EyeIcon,
-  WrenchIcon,
   XCircleIcon,
 } from "@heroicons/react/20/solid";
 import TimeAgo, { Formatter, Suffix, Unit } from "react-timeago";
diff --git a/keep/api/models/db/migrations/versions/2024-10-22-10-38_8438f041ee0e.py b/keep/api/models/db/migrations/versions/2024-10-22-10-38_8438f041ee0e.py
new file mode 100644
index 000000000..eae0abfc5
--- /dev/null
+++ b/keep/api/models/db/migrations/versions/2024-10-22-10-38_8438f041ee0e.py
@@ -0,0 +1,32 @@
+"""add pulling_enabled
+
+Revision ID: 8438f041ee0e
+Revises: 83c1020be97d
+Create Date: 2024-10-22 10:38:29.857284
+
+"""
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "8438f041ee0e"
+down_revision = "83c1020be97d"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("provider", schema=None) as batch_op:
+        batch_op.add_column(
+            sa.Column("pulling_enabled", sa.Boolean(), nullable=False, default=True)
+        )
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    with op.batch_alter_table("provider", schema=None) as batch_op:
+        batch_op.drop_column("pulling_enabled")
+    # ### end Alembic commands ###
diff --git a/keep/api/models/db/provider.py b/keep/api/models/db/provider.py
index 37d8d05fa..33e200784 100644
--- a/keep/api/models/db/provider.py
+++ b/keep/api/models/db/provider.py
@@ -20,6 +20,7 @@ class Provider(SQLModel, table=True):
         sa_column=Column(JSON)
     )  # scope name is key and value is either True if validated or string with error message, e.g: {"read": True, "write": "error message"}
     consumer: bool = False
+    pulling_enabled: bool = True
     last_pull_time: Optional[datetime]
     provisioned: bool = Field(default=False)
 
diff --git a/keep/api/models/provider.py b/keep/api/models/provider.py
index 93810817c..5c15bfc22 100644
--- a/keep/api/models/provider.py
+++ b/keep/api/models/provider.py
@@ -39,6 +39,7 @@ class Provider(BaseModel):
     methods: list[ProviderMethod] = []
     installed_by: str | None = None
     installation_time: datetime | None = None
+    pulling_enabled: bool = True
     last_pull_time: datetime | None = None
     docs: str | None = None
     tags: list[
diff --git a/keep/api/routes/preset.py b/keep/api/routes/preset.py
index a812d6be1..cfa701681 100644
--- a/keep/api/routes/preset.py
+++ b/keep/api/routes/preset.py
@@ -1,16 +1,18 @@
+import json
 import logging
 import os
 import uuid
 from datetime import datetime
 from typing import Optional
+
 from fastapi import (
     APIRouter,
     BackgroundTasks,
     Depends,
     HTTPException,
+    Query,
     Request,
     Response,
-    Query
 )
 from pydantic import BaseModel
 from sqlmodel import Session, select
@@ -24,7 +26,6 @@
     update_provider_last_pull_time,
 )
 from keep.api.models.alert import AlertDto
-from keep.api.models.time_stamp import TimeStampFilter
 from keep.api.models.db.preset import (
     Preset,
     PresetDto,
@@ -33,6 +34,7 @@
     Tag,
     TagDto,
 )
+from keep.api.models.time_stamp import TimeStampFilter
 from keep.api.tasks.process_event_task import process_event
 from keep.api.tasks.process_topology_task import process_topology
 from keep.contextmanager.contextmanager import ContextManager
@@ -41,7 +43,6 @@
 from keep.providers.base.base_provider import BaseTopologyProvider
 from keep.providers.providers_factory import ProvidersFactory
 from keep.searchengine.searchengine import SearchEngine
-import json
 
 router = APIRouter()
 logger = logging.getLogger(__name__)
@@ -86,6 +87,10 @@ def pull_data_from_providers(
             "trace_id": trace_id,
         }
 
+        if not provider.pulling_enabled:
+            logger.debug("Pulling is disabled for this provider", extra=extra)
+            continue
+
         if provider.last_pull_time is not None:
             now = datetime.now()
             days_passed = (now - provider.last_pull_time).days
@@ -173,9 +178,7 @@ def pull_data_from_providers(
 
 
 # Function to handle the time_stamp query parameter and parse it
-def _get_time_stamp_filter(
-    time_stamp: Optional[str] = Query(None)
-) -> TimeStampFilter:
+def _get_time_stamp_filter(time_stamp: Optional[str] = Query(None)) -> TimeStampFilter:
     if time_stamp:
         try:
             # Parse the JSON string
@@ -186,6 +189,7 @@ def _get_time_stamp_filter(
             raise HTTPException(status_code=400, detail="Invalid time_stamp format")
     return TimeStampFilter()
 
+
 @router.get(
     "",
     description="Get all presets for tenant",
@@ -195,7 +199,7 @@ def get_presets(
         IdentityManagerFactory.get_auth_verifier(["read:preset"])
     ),
     session: Session = Depends(get_session),
-    time_stamp: TimeStampFilter = Depends(_get_time_stamp_filter)
+    time_stamp: TimeStampFilter = Depends(_get_time_stamp_filter),
 ) -> list[PresetDto]:
     tenant_id = authenticated_entity.tenant_id
     logger.info(f"Getting all presets {time_stamp}")
@@ -224,7 +228,9 @@ def get_presets(
     # get the number of alerts + noisy alerts for each preset
     search_engine = SearchEngine(tenant_id=tenant_id)
     # get the preset metatada
-    presets_dto = search_engine.search_preset_alerts(presets=presets_dto, time_stamp=time_stamp)
+    presets_dto = search_engine.search_preset_alerts(
+        presets=presets_dto, time_stamp=time_stamp
+    )
 
     return presets_dto
 
diff --git a/keep/api/routes/providers.py b/keep/api/routes/providers.py
index e30f7c349..e746ce839 100644
--- a/keep/api/routes/providers.py
+++ b/keep/api/routes/providers.py
@@ -490,6 +490,7 @@ async def install_provider(
         provider_id = provider_info.pop("provider_id")
         provider_name = provider_info.pop("provider_name")
         provider_type = provider_info.pop("provider_type", None) or provider_id
+        pulling_enabled = provider_info.pop("pulling_enabled", True)
     except KeyError as e:
         raise HTTPException(
             status_code=400, detail=f"Missing required field: {e.args[0]}"
@@ -507,6 +508,7 @@ async def install_provider(
             provider_name,
             provider_type,
             provider_info,
+            pulling_enabled=pulling_enabled,
         )
         return JSONResponse(status_code=200, content=result)
     except HTTPException as e:
diff --git a/keep/providers/providers_factory.py b/keep/providers/providers_factory.py
index 079467200..fb5d9bdd6 100644
--- a/keep/providers/providers_factory.py
+++ b/keep/providers/providers_factory.py
@@ -411,6 +411,7 @@ def get_installed_providers(
             provider_copy.installation_time = p.installation_time
             provider_copy.last_pull_time = p.last_pull_time
             provider_copy.provisioned = p.provisioned
+            provider_copy.pulling_enabled = p.pulling_enabled
             try:
                 provider_auth = {"name": p.name}
                 if include_details:
diff --git a/keep/providers/providers_service.py b/keep/providers/providers_service.py
index dad1d8d37..453a2ebcf 100644
--- a/keep/providers/providers_service.py
+++ b/keep/providers/providers_service.py
@@ -47,6 +47,7 @@ def install_provider(
         provider_config: Dict[str, Any],
         provisioned: bool = False,
         validate_scopes: bool = True,
+        pulling_enabled: bool = True,
     ) -> Dict[str, Any]:
         provider_unique_id = uuid.uuid4().hex
         logger.info(
@@ -95,6 +96,7 @@ def install_provider(
                 validatedScopes=validated_scopes,
                 consumer=provider.is_consumer,
                 provisioned=provisioned,
+                pulling_enabled=pulling_enabled,
             )
             try:
                 session.add(provider_model)
@@ -148,6 +150,8 @@ def update_provider(
         if provider.provisioned:
             raise HTTPException(403, detail="Cannot update a provisioned provider")
 
+        pulling_enabled = provider_info.pop("pulling_enabled", True)
+
         provider_config = {
             "authentication": provider_info,
             "name": provider.name,
@@ -171,6 +175,7 @@ def update_provider(
 
         provider.installed_by = updated_by
         provider.validatedScopes = validated_scopes
+        provider.pulling_enabled = pulling_enabled
         session.commit()
 
         return {