Version: 5.0

Creating Incidents

Creating incidents is the process of registering and documenting important events and the results of correlation rules. Incidents can be created automatically using the "Create Incident" feature or manually by users, depending on the situation.

Creating an Incident Using the "Create Incident" Active Action in the Job Scheduler

To create an incident using the Create Incident active action in the Job Scheduler, follow these steps:

  1. Navigate to the Job List (Main Menu - Job Scheduler - Job List) and create a new task.

  2. Add the "Create Incident" active action to the task and configure it accordingly. Detailed instructions for configuration can be found on the Active Actions

  3. Save the search task.

  4. When the search task results are received, the incident will be displayed in the Incident Manager.

Useful Information

To learn more about how search tasks and active actions work, go to the Job Scheduler section.

Creating Manually

To create an incident manually:

  1. Go to the Incident Manager.
  2. Click the Create Incident button. A modal window with incident parameters will appear.

In this window, you need to fill in the following fields:

  • Main fields:
    • Incident Name - the name of the incident displayed in the general list of incidents
    • Incident Description - a description that is displayed in the general list when the incident details are expanded
  • Mandatory fields:
    • Severity - the importance level of the incident
    • Reviewer - the employee or group of employees responsible for resolving the incident and its consequences
  • Additional Information - additional information about the incident
  3. Click the Save button. After clicking the button, the created incident will be displayed in the general list.