Version: 5.1

Creating Incidents

Incident creation refers to the process of logging and documenting significant events and correlation rule outputs. Depending on operational needs, incidents may be created either automatically (via the "Create Incident" function) or manually by authorized users.

Creating an Incident Using the "Create Incident" Active Action in the Job Scheduler

To create an incident using the Create Incident active action in the Job Scheduler, follow these steps:

  1. Navigate to the Job List (Main Menu - Job Scheduler - Job List)

  2. Click the Create button to create a new task

  3. Fill in the main task fields, including Name, Search, and Duration of the lock. An example of task settings is provided below:

[Image: example task settings]

  4. Add the active action Create Incident to the task and fill it out. Information on filling out the main fields of the active action is available in the section Creating an Incident. An example configuration of the Create Incident active action is shown in the image below:

[Image: example configuration of the Create Incident active action]

  5. Save the search task by clicking the Save button at the bottom or top of the interface

The incident created as a result of the task execution will be displayed in the Incident Manager.

Useful Information

To learn more about how search tasks and active actions work, go to the Job Scheduler section.

Creating Manually

To create an incident manually:

  1. Go to the Incident Manager
  2. Click the Create Incident button. A modal window with incident parameters will appear:

[Image: modal window with incident parameters]

The set of fields is defined in the incident card. By default, each incident contains the following fields:

  • Mandatory fields:
    • Incident name - the name of the incident displayed in the general list of incidents
    • Incident description - a description that is displayed in the general list when the incident details are expanded
  • Required fields:
    • Severity - the importance level of the incident
    • Comment - an explanatory comment for the incident
    • Reviewer - the employee or group of employees responsible for resolving the incident and its consequences
  • Additional Information - additional information about the incident
  3. Click the Save button. The created incident will then be displayed in the general list