Manually Create an Incident

Instead of ingesting incidents from a service as they cross a risk threshold, manually create an incident if you need one immediately.

  1. In the navigation bar, click INCIDENTS.

  2. Select + NEW INCIDENT.

  3. Enter information about the incident:

    • Incident name – Enter an incident name.

    • Incident type – Select an incident type.

    • Event start time – Indicate when the incident started.

    • Event end time – Indicate when the incident ended, if known.

    • Queue – Assign the incident to a queue. If you don't, the incident is assigned to the default Unassigned queue.

    • Assignee – Assign the incident to someone on your team. If you don't, it is assigned to "unassigned" by default.

    • Priority – Low, medium, high, or critical.

    • Status – Select the status of the incident: New, In Progress, Pending, Resolved, or Closed. Feel free to use these statuses according to your organization's workflow and needs.

    • Restrict to – Restrict who can access this incident. These people or groups can't see or search for this incident.

    • Description – Provide context about the incident.

  4. Click CREATE.