[jdenning]

It depends on the alert :D

More seriously though:

I had a ChatOps setup a few years back where authorized users could send commands to the config management/remote execution system we used to manage all our servers (in this instance, SaltStack).

Junior staff and people who were more on the "Dev" side DevOps were able to watch the full incident process from Alert -> Investigation -> Remediation both in real-time, and by reviewing the logs.

In the same way, people were able to learn commands to create and destroy infrastructure, which was useful for their workflow and improved efficiency all around.

It takes a fair bit of work to get setup properly, but it's pretty great once you do.