Incident Management: Delete Incidents

Document created by RSA Information Design and Development on Mar 22, 2017
Version 1Show Document
  • View in full screen mode
  

This procedure is helpful to free up disk space by deleting incidents that are not needed.

Procedure

  1. In the Security Analytics menu, select Incidents > Queue.
    The My Incidents tab is displayed.
  2. Select the All Incidents tab to see all incidents for all analysts.
  3. Perform one of the following actions:
  • Select each incident to delete, then click Icon-DeleteText.png.
  • Click Icon-DeleteText.png, choose Delete by Time Range and select the time period to delete alerts.
  1. Click OK.
    DelAlrtsDg.png
  2. A confirmation dialog is displayed.
    delete_incidents_message.PNG
  3. Click OK to delete the incidents.

Result

Deleted incidents, which includes journal entries and remediation tasks, are deleted. The incidents are no longer accessible for evidentiary purposes.

Alerts that were associated with a deleted incident still display in the Alerts tab so you can manually add them to another incident. However, the rule engine will no longer pick up the alerts and automatically group them into incidents.

An audit log records the number of incidents that were deleted.

Previous Topic:Close an Incident
You are here
Table of Contents > Incident Management Process Flow > Delete Incidents

Attachments

    Outcomes