Incident Management: Add Alerts to an Existing Incident

Document created by RSA Information Design and Development on Nov 23, 2016
Version 1Show Document
  • View in full screen mode
  

This procedure is required when you have an alert with a particular criteria that fits an existing incident and you do not have to create a new incident.

To add an alert to an existing incident:

  1. In the Security Analytics menu, select Incidents > Alerts.
    The All Alerts view is displayed.
  2. In the alert details view in the right-hand bottom half of the page, select one or more alerts that need to be added to an incident.
  3. Click add_to_incident.png.
    The Add the selected Alerts to an Incident dialog is displayed.
    All the incidents assigned to you that are still open are displayed. You can search within the dialog to narrow down the list.
    add_alert_to_incident.png

Note: Only when you have an alert that does not have an incident ID assigned, the Add to an Incident option is enabled, else it is disabled if the alert is already part of an incident.

  1. Select an incident from the list displayed to which the alert needs to be added.
  2. Click Add to Incident.
    The selected alert or alerts are now part of the incident chosen and will have an incident ID.
Next Topic:Delete Alerts
You are here
Table of Contents > Review Alerts > Add Alerts to an Existing Incident

Attachments

    Outcomes