In the Create an Incident dialog, analysts can create an incident from selected events in the Events view. When creating the incident, analysts can identify the incident category and priority, and can assign handling of the incident to a SOC analyst.
To access this dialog, while investigating a service in the Investigation > Events view, select Incidents > Create New Incident from the toolbar.
The following figure is an example of the Create an Incident dialog.
The Create an Incident dialog has the features shown in the table below.
| Feature | Description |
| --- | --- |
| Create Summary from These Events | The Alert Summary field is filled by the query that produced the alerts you selected to create this incident. The Severity field reflects the severity of the selected alert, an integer between 1 and 100. |
| Name | (Required) Specifies a name to identify the incident. In the example, the name is Sample Incident. Provide a name that clearly identifies the nature of the events that will be added to this incident. |
| Summary | (Optional) Specifies a description for the incident. A good summary clearly identifies the incident for other analysts and responders. |
| Assignee | (Optional) Assigns the incident to a user in the SOC. Clicking Assignee opens a drop-down list showing the user names of SOC personnel who respond to incidents. |
| Categories | (Optional) Identifies the categories of the incident. Clicking Categories opens a drop-down list of incident categories and subcategories. You can select one or more categories to which the incident belongs. Categories fall into these major groups: Environmental, Error, Hacking, Malware, Misuse, and Social. |
| Priority | Identifies the priority for the incident. Clicking Priority opens a drop-down list of priorities: Critical, High, Medium, or Low. |
| Cancel | Closes the dialog without saving changes. |
| Save | Saves the incident and closes the dialog. A message confirms that the incident was created successfully. |