You create a journal entry for an incident to capture additional information regarding the incident that helps the assignee understand the incident and track it in a better way.
Procedure
To create a journal entry for an incident:
- In the Security Analytics menu, select Incidents > Queue.
The My Incidents view is displayed. - In the My Incidents view, double-click an incident.
The incident details view is displayed. - Under Incident Journal, click
The New Journal Entry dialog is displayed. - Provide the required information. The Notes field is required. Type in relevant useful information in the Notes field to describe the investigation. The Investigation Milestone and file attachments are optional and can be included when it is useful for further investigation. The Investigation Milestone options are: Reconnaissance, Delivery, Exploitation, Installation, Command and Control, Action On Objective, Containment, Eradication, and Closure.
- Click Publish Journal Entry.
The journal entry is created and displayed under Incident Journal.
Previous Topic:Investigate an Incident
Next Topic:Create a Remediation Task
You are here
Table of Contents > Incident Management Process Flow > Investigate an Incident > Add a Journal Entry