How To Create INC In Event View (New Tab) in Netwitness 11.1 ?

Discussion created by Suresh Thanikachalam on Sep 26, 2018
Latest reply on Sep 27, 2018 by Suresh Thanikachalam

Like • Show 0 Likes0
Comment • 4

Hi All,

Please let us know the process to create a direct INC with the logs from Event View (New Tab) in Netwitness 11.1, In the Old View its straight forward but in this view i tried multiple options but no luck.

It seems to be a bug for me, If yes hope RSA will fix it ASAP because it very time consuming to redo all setup twice to get the logs to the INC. If No Please let me know the exact option to move the logs to the INC from the new Event View Tab

Below snapshot is for better understanding of the issue which am referring.

This is from the old event view, where we can check the log box and from the incidents we can create a new incident and the same will be log in SECOPS as well for further investigations

This is from the New Event View, where i am not able to find the option to raise an INC directly.

Outcomes

Anurag Sinha

Sep 26, 2018 9:35 AM

You have to look under "Events" Tab to create manual incident;

Also you will have to create an "Incident Rule" as below;

Hopefully this should solve your query.

Actions

Suresh Thanikachalam @ Anurag Sinha on Sep 27, 2018 1:32 AM

Hi Anurag,

This is the process to create an INC from the old view of events viewer which we are already using, but my query is for the new view of the event viewer.

Actions

William Hart

Sep 26, 2018 10:26 AM

Correct, the ability to add/edit incidents directly from Event Analysis is not in 11.1. We are working to get that capability into that new workflow in an upcoming release.

Actions

Suresh Thanikachalam @ William Hart on Sep 27, 2018 1:37 AM

Thanks for the response, Hope this is fixed as soon as possible.

Also please let me know if this is the right place for this Discussion hence am observing few other missing options which need to reported/fixed in NEW 11.1 ?

Actions

4 Replies

Anurag Sinha Sep 26, 2018 9:35 AM
You have to look under "Events" Tab to create manual incident;

Also you will have to create an "Incident Rule" as below;

Hopefully this should solve your query.
Like • Show 0 Likes0
Actions
- Suresh Thanikachalam @ Anurag Sinha on Sep 27, 2018 1:32 AM
  Hi Anurag,
  
  This is the process to create an INC from the old view of events viewer which we are already using, but my query is for the new view of the event viewer.
  Like • Show 0 Likes0
  Actions
William Hart Sep 26, 2018 10:26 AM
Correct, the ability to add/edit incidents directly from Event Analysis is not in 11.1. We are working to get that capability into that new workflow in an upcoming release.
Like • Show 1 Like1
Actions
- Suresh Thanikachalam @ William Hart on Sep 27, 2018 1:37 AM
  Thanks for the response, Hope this is fixed as soon as possible.
  
  Also please let me know if this is the right place for this Discussion hence am observing few other missing options which need to reported/fixed in NEW 11.1 ?
  Like • Show 0 Likes0
  Actions

How To Create INC In Event View (New Tab) in Netwitness 11.1 ?

Outcomes

Related Content

Recommended Content