In the Add Events to an Incident dialog, analysts can add alerts to an existing incident so that incident responders look at the associated events as part of an incident response. Related procedures are available in Manage Context Hub Lists and List Values in Investigation.
To access this dialog, while investigating a service in the Investigation > Events view, select Incidents > Add to Existing Incident from the toolbar.
The Add Alerts to an Incident dialog has the features shown in the table below.
| Feature | Description |
|---|---|
| Alert Summary | The Alert Summary field is filled in by the query that produced the alerts you selected to create this incident. The Severity field reflects the severity of the selected alert, an integer between 1 and 100. |
| Search | Allows you to search for an existing event. |
| ID | The ID of the incident. You can sort IDs in ascending or descending order. |
| Name | The incident name. You can sort the Name in ascending or descending order. |
| Date Created | Displays the date and time the incident was created. You can sort the dates in ascending or descending order. |
| Priority | Displays the priority of the incident: either low or critical. |
| Cancel | Closes the dialog without saving changes. |
| Add to Incident | Adds the alerts to the incident. A dialog confirms that the alerts were successfully added. |