You create a journal entry for an incident to capture additional information regarding the incident that helps the assignee understand the incident and track it in a better way.
To create a journal entry for an incident:
- In the Security Analytics menu, select Incidents > Queue.
The My Incidents view is displayed.
- In the My Incidents view, double-click an incident.
The incident details view is displayed.
- Under Incident Journal, click
The New Journal Entry dialog is displayed.
- Provide the required information. The Notes field is required. Type in relevant useful information in the Notes field to describe the investigation. The Investigation Milestone and file attachments are optional and can be included when it is useful for further investigation. The Investigation Milestone options are: Reconnaissance, Delivery, Exploitation, Installation, Command and Control, Action On Objective, Containment, Eradication, and Closure.
- Click Publish Journal Entry.
The journal entry is created and displayed under Incident Journal.