Incident creation

To create an incident:

Open the KUMA web interface and select the Incidents section.
Click Create incident.
The window for creating an incident will open.
Fill in the mandatory parameters of the incident:
- In the Name field enter the name of the incident. The name must contain 1 to 128 Unicode characters.
- In the Tenant drop-down list, select the tenant that owns the created incident.
If necessary, provide other parameters for the incident:
- In the Priority drop-down list, select the severity of the incident. Available options: Low, Medium, High, Critical.
- In the First event time and Last event time fields, specify the time range in which events related to the incident were received.
- In the Category and Type drop-down lists, select the category and type of the incident. The available incident types depend on the selected category.
- Add the incident Description. The description can contain no more than 256 Unicode characters.
- In the Available tenants drop-down list, select the tenants whose alerts can be linked to the incident automatically.
- In the Related alerts section, add alerts related to the incident.
  Linking alerts to incidents
  To link an alert to an incident:
  1. In the Related alerts section of the incident window click Link.
    A window with a list of alerts not linked to incidents will open.
  2. Select the required alerts.
    PCRE regular expressions can be used to search alerts by user, asset, tenant, and correlation rule.
  3. Click Link.
  Alerts are now related to the incident and displayed in the Related alerts section.
  
  To unlink alerts from an incident:
  1. Select the relevant alerts in the Related alerts section and click Unlink.
  2. Click Save.
  Alerts have been unlinked from the incident. Also, the alert can be unlinked from the incident in the alert window using the Unlink button.
- In the Related endpoints section, add assets related to the incident.
  Linking assets to incidents
  To link an asset to an incident:
  1. In the Related endpoints section of the incident window, click Link.
    A window containing a list of assets will open.
  2. Select the relevant assets.
    You can use the Search field to look for assets.
  3. Click Link.
  Assets are now linked to the incident and are displayed in the Related endpoints section.
  
  To unlink assets from an incident:
  1. Select the relevant assets in the Related endpoints section and click Unlink.
  2. Click Save.
  The assets are now unlinked from the incident.
- In the Related users section, add users related to the incident.
  Linking users to incidents
  To link a user to an incident:
  1. In the Related users section of the incident window, click Link.
    The user list window opens.
  2. Select the required users.
    You can use the Search field to look for users.
  3. Click Link.
  Users are now linked to the incident and appear in the Related users section.
  
  To unlink users from the incident:
  1. Select the required users in the Related users section and click the Unlink button.
  2. Click Save.
  Users are unlinked from the incident.
- Add a Comment to the incident.
Click Save.

The incident has been created.

Page top