Use this procedure to free up disk space by deleting incidents that are no longer needed.
To delete incidents:
- In the Security Analytics menu, select Incidents > Queue.
The My Incidents tab is displayed.
- Select the All Incidents tab to see all incidents for all analysts.
- Perform one of the following actions:
  - Select each incident to delete, then click .
  - Click , choose Delete by Time Range and select the time period to delete alerts.
A confirmation dialog is displayed.
Deleting an incident also deletes its journal entries and remediation tasks. The incidents are no longer accessible for evidentiary purposes.
Alerts that were associated with a deleted incident still display in the Alerts tab so you can manually add them to another incident. However, the rule engine will no longer pick up the alerts and automatically group them into incidents.
An audit log records the number of incidents that were deleted.