Case ManagerTrack and Maintain Security Incidents

Filter Incidents

On the INCIDENTS page, filter the list of incidents to find those that fit a certain criteria. If you frequently use certain criteria, create your own custom filter.

In the filter panel, filter your incidents by:

  • Queue

  • Assignee

  • Date

  • Incident TypeIncident Types

  • Status

  • Priority

  • Entity

  • Artifact

  • Keyword

There are four out-of-the-box filters.

If you frequently use certain filter inputs, create a custom filter. For example, if you frequently filter for incidents that were false positive and happened in the past 24 hours, you can save how you've configured the filter inputs so you quickly apply it when you need it.

Out-of-the-Box Incident Filters

There are four out-of-the-box incident filters. You can't delete them. If you don't want to use them, build off of them by duplicating them and making changes, or create your own filter from scratch.

Out-of-the-box filter

Use this filter to view...

Filter inputs

All Incidents

All open incidents that have been created, no matter who it's assigned to; when it started, ended or was created; or its priority.

Status: New, in progress, resolved, pending

My Incidents

All open incidents you've been assigned to.

Owner: Current user

Status: New, in progress, resolved, pending

Unassigned Incidents

Incidents that are recently created and not assigned to a queue.

Owner: Default queue

Status: New

Critical incidents

All open incidents that are a critical priority, no matter who it's assigned to or when it started, ended, or was created.

Priority: Critical

Status: New, in progress, resolved, pending

Duplicate an Incident Filter

If you don't want to create a custom filter from scratch, quickly create a filter using an existing filter as a starting point. You can duplicate any filter, including those that come out of the box.

  1. On the INCIDENTS page, next to the filter name, select the down arrow. The filter menu opens.

  2. Select a filter.

  3. Next to the filter name, click the More The more options menu; three vertical grey dots on a white background. menu.

  4. Select Duplicate. The duplicated filter is named Copy of [Filter].

Edit a Custom Incident Filter

If you created a custom filter, edit the filter inputs to change how it's configured. You can't edit out-of-the-box filters.

  1. On the INCIDENTS page, next to the filter name, select the down arrow. The filter menu opens.

  2. Select a filter.

  3. Change the filter inputs:

  4. Next to the filter name, click Save.

Delete a Custom Incident Filter

If you created a custom filter, you can delete it. You can't delete out-of-the-box filters.

  1. On the INCIDENTS page, next to the filter name, select the down arrow. The filter menu opens.

  2. Select the filter you're deleting.

  3. Next to the filter name, click the More The more options menu; three vertical grey dots on a white background. menu, then select Delete.