Incident Management: Add a Journal Entry

Document created by RSA Information Design and Development on Jun 26, 2017. Last modified by RSA Information Design and Development on Jul 27, 2017.
Version 2

You create a journal entry for an incident to capture additional information that helps the assignee understand the incident and track it more effectively.

Procedure

To create a journal entry for an incident:

  1. In the Security Analytics menu, select Incidents > Queue.
    The My Incidents view is displayed.
  2. In the My Incidents view, double-click an incident.
    The incident details view is displayed.
  3. Under Incident Journal, click the Add icon.
    The New Journal Entry dialog is displayed.
  4. Provide the required information. The Notes field is required: type relevant information in it to describe the investigation. The Investigation Milestone and file attachments are optional and can be included when they are useful for further investigation. The Investigation Milestone options are: Reconnaissance, Delivery, Exploitation, Installation, Command and Control, Action On Objective, Containment, Eradication, and Closure.
  5. Click Publish Journal Entry.
    The journal entry is created and displayed under Incident Journal.