This procedure is helpful when an analyst wants to browse through the alerts, select the ones that belong together, and create an incident that includes the selected alerts.
To create an incident manually:
In the Security Analytics menu, select Incidents > Alerts.
The All Alerts view is displayed.
Select one or more alerts in the alert details view in the lower right half of the page.
Click Create an Incident.
The Create Incident dialog is displayed.
Provide the following information:
- Name - Type a name to identify the incident.
- Summary - (Optional) Type a description for the incident.
- Assignee - (Optional) Select an assignee to whom the incident is assigned.
- Categories - (Optional) Select one or more categories to which the incident belongs.
- Priority - Select a priority for the incident from the options Critical, High, Medium, or Low displayed in the drop-down list.
The incident is saved and displayed in the Incidents > Queue > All Incidents view.