Most people summed up the important points. I'll still throw in my 2 bits...

First, you need to define what an incident is. Second, you need to define the scope of your incidents. This pretty much is where events come in. Event 1 and Event 2 mean that an incident level 4 has occured. Incident level 4 may translate to a hardware issue. The key here is not to have too many or too few incident levels. Seven would be the max. This makes trending and reporting much easier for you.

So, I voted, it depends. A reboot is an event. A defined incident is the culmination of events.

--TH13