Creating custom incidents in MDR Web Console

Creating custom incidents is not available in some of the commercial license tiers.

If you consider some activity in your infrastructure to be a threat but Kaspersky Managed Detection and Response did not create an incident automatically, you can add a new incident manually.

According to the terms of the service level agreement (SLA), the number of manually created incidents that are eligible for processing by the security team is limited. Information about the limitations is available on the MDR Usage tab in Kaspersky Security Center. On this tab, you can track the usage of the manually created incidents for the current period (for example, for the current week):

The total number incidents that you can create for the current period. These incidents are to be processed by the security team, according to the SLA. You can create more incidents than specified in the MDR Agreement, but compliance with the SLA time frames is not guaranteed for processing of such incidents.
The remaining number of incidents that you can create for the current period.

To add a new incident:

In the MDR Web Console window, navigate to the Incidents menu item.
The incident list opens.
In the upper part of the window, click the Add button.
The new incident block appears.
Fill in the following fields:
- Summary
  A brief commentary about the incident.
- Description
  Free-form detailed information about the incident. Markdown is supported
- Assets
  The asset(s) compromised in the incident. For this field, assets that already exist in MDR Web Console and Kaspersky Security Center are suggested.
If necessary, fill in the Tenant field.
For the Tenant field, tenants that already exist in Console and the Root without tenants value are suggested.
Click the Send button.
The new incident block disappears.

The new incident is added to the incident list in MDR Web Console. You can view detailed information about this incident and the processing responses to it.

Page top