Creating Incidents

Incident creation refers to the process of logging and documenting significant events and correlation rule outputs. Depending on operational needs, incidents may be created either automatically (via the "Create Incident" function) or manually by authorized users.

Creating an Incident Using the "Create Incident" Active Action in the Job Scheduler

To create an incident using the Create Incident active action in the Job Scheduler, follow these steps:

1. Go to the Jobs List section (Main Menu - Job Scheduler - Jobs List) and create a new task

2. Add the Create Incident active action to the task and fill it out. Information on how to fill it is provided on the Active Actions Description page

3. Save the search job

4. When the search job results are received, the incident will be displayed in the Incident Manager

Useful Information

To learn more about how search jobs and active actions work, go to the Job Scheduler section.

---

Creating Manually

To create an incident manually:

1. Go to the Incident Manager
2. Click the Create Incident button. A modal window with incident parameters will appear:

• Mandatory fields:
  • Incident name - the name of the incident displayed in the general list of incidents
  • Incident description - a description that is displayed in the general list when the incident details are expanded
• Required fields:
  • Severity - the importance level of the incident
  • Reviewer - the employee or group of employees responsible for resolving the incident and its consequences
• Additional Information - additional information about the incident

3. Click the Create Incident button. After clicking, the created incident will appear in the general list