- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Manually Create an Incident
Instead of ingesting incidents from a service as they cross a risk threshold or creating an incident from a Smart Timelines™ session summary, manually create an incident if you need one immediately and it's not associated with an Advanced Analytics session.
In the sidebar, click CASE MANAGER
.Select + NEW INCIDENT.
Enter information about the incident:
Incident name – Enter an incident name.
Incident type – Select an incident type.
Event start time – Indicate when the incident started.
Event end time – Indicate when the incident ended, if known.
Queue – Assign the incident to a queue. If not, the incident is assigned to the default Unassigned queue.
Assignee – Assign the incident to someone on your team. If not, it is assigned to "unassigned" by default.
Priority – Low, medium, high, or critical.
Status – Select the status of the incident: New, In Progress, Pending, Resolved, or Closed. Feel free to use these statuses according to your organization's workflow and needs.
Restrict to – Restrict who can access this incident. Only these people, groups, or roles can access this incident. Open tasks assigned to people restricted from the incident are reassigned to Unassigned. Keep in mind that anyone with View Restricted Incidents permissions can always view the incident.
Description – Provide context about the incident.
Click CREATE.