As a work item, an incident should be assigned to a SOC analyst for inspection and possible investigation. You can change the assignee at any time. You can also remove the assignee to make the incident unassigned.
Incidents can be assigned only to analysts that have the access right to read and modify alerts and incidents.
To assign one or several incidents to an analyst:
You can select the Not assigned option. In this case, the selected incidents become unassigned and their status changes to New.
The incidents are assigned to the analyst.