Assigning incidents to analysts

As a work item, an incident should be assigned to a SOC analyst for inspection and possible investigation. You can change the assignee at any time. You can also remove the assignee to make the incident unassigned.

Incidents can be assigned only to analysts that have the access right to read and modify alerts and incidents.

To assign one or several incidents to an analyst:

  1. In the main menu, go to MONITORING & REPORTING Incidents.
  2. Select the check boxes next to the incidents that you want to assign to the analyst.
  3. Click the Assign to button.
  4. In the Assign to analyst window, start typing the analyst name, and then select the name from the list.

    You can select the Not assigned option. In this case, the selected incidents become unassigned and their status changes to New.

  5. Click the Save button.

The incidents are assigned to the analyst.

See also:

About incidents

Changing an incident status

Changing an incident priority

Viewing incident details

Page top