Incident Management: Add a Journal Entry

Document created by RSA Information Design and Development Employee on Oct 24, 2017. Last modified by RSA Information Design and Development Employee on Jan 29, 2018.
Version 2

Create a journal entry for an incident to capture additional information that helps the assignee understand the incident and track it more effectively.


To create a journal entry for an incident:

  1. In the Security Analytics menu, select Incidents > Queue.
    The My Incidents view is displayed.
  2. In the My Incidents view, double-click an incident.
    The incident details view is displayed.
  3. Under Incident Journal, click the Add icon.
    The New Journal Entry dialog is displayed.
  4. Provide the required information. The Notes field is required; use it to record relevant information that describes the investigation. The Investigation Milestone and file attachments are optional and can be included when they are useful for further investigation. The Investigation Milestone options are: Reconnaissance, Delivery, Exploitation, Installation, Command and Control, Action On Objective, Containment, Eradication, and Closure.
  5. Click Publish Journal Entry.
    The journal entry is created and displayed under Incident Journal.