This is the incident owner: the analyst who is responsible for investigating and processing the incident. You can change the incident assignee at any time if the Status parameter is not set to Closed.
Incident priority defines the order in which the incidents must be investigated by analysts. Incidents with the Critical priority are the most urgent ones and must be investigated first. You can change the incident priority manually.
In this field, you can leave a description of the incident. For example, you can describe the issue or provide investigation results of the linked alerts. The description is added to the Description section of the incident details.
This field is optional.
On the Linking alerts step, select the alerts that you want to link to the incident. You can link up to 200 alerts to an incident.
If you want to create an empty incident, skip this step. You can link alerts to the incident later, after the incident is created.
Click the Save button.
The incident is created.
Creating incidents by using the alert table
In the alert table, you create an incident by selecting the alerts that you want to link to the new incident. For details, refer to linking alerts to incidents.