Incident Management: Add a Journal Entry

Document created by RSA Information Design and Development on May 10, 2016
Version 1Show Document
  • View in full screen mode
 
  

You create a journal entry for an incident to capture additional information regarding the incident that helps the assignee understand the incident and track it in a better way.

Procedure

To create a journal entry for an incident:

  1. In the Security Analytics menu, select Incidents > Queue.
    The My Incidents view is displayed.
  2. In the My Incidents view, double-click an incident.
    The incident details view is displayed.
  3. Under Incident Journal, click Icon-Add.png
    The New Journal Entry dialog is displayed.
  4. Provide the required information. The Notes field is required. Type in relevant useful information in the Notes field to describe the investigation. The Investigation Milestone and file attachments are optional and can be included when it is useful for further investigation. The Investigation Milestone options are: Reconnaissance, Delivery, Exploitation, Installation, Command and Control, Action On Objective, Containment, Eradication, and Closure. 
  5. Click Publish Journal Entry.
    The journal entry is created and displayed under Incident Journal.
You are here: Incident Management Process Flow > Investigate an Incident > Add a Journal Entry

Attachments

    Outcomes