- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Assign an Incident to a Queue, Assignee, Priority, or Status
- Manually Add an Entity
- Manually Add an Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Exabeam Tasks
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export a List of Incidents to CSV
Manually Create an Incident
Instead of ingesting incidents from a service as they cross a risk threshold, manually create an incident if you need one immediately.
In the navigation bar, click INCIDENTS.
Select + NEW INCIDENT.
Enter information about the incident:
Incident name – Enter an incident name.
Incident type – Select an incident type.
Event start time – Indicate when the incident started.
Event end time – Indicate when the incident ended, if known.
Queue – Assign the incident to a queue. If not, the incident is assigned to the default Unassigned queue.
Assignee – Assign the incident to someone on your team. If not, it is assigned to "unassigned" by default.
Priority – Low, medium, high, or critical.
Status – Select the status of the incident: New, In Progress, Pending, Resolved, or Closed. Feel free to use these statuses according to your organization's workflow and needs.
Restrict to – Restrict who can access this incident. These people or groups can't see or search for this incident.
Description – Provide context about the incident.