Kaspersky Next XDR Expert allows you to configure the automatic assignment of alerts, incidents, and child incidents to an analyst. If automatic assignment is enabled, alerts or incidents that are already assigned to a user group manually or by using a playbook will be automatically assigned to an analyst from that group. The analyst who is assigned an alert or incident must meet the following conditions:
If multiple analysts meet the criteria for automatic assignment, the application assigns the alert or incident to one of them at random.
If there are no users in the group assigned to the alert or incident, or if there are no eligible users (for example, all users have the Busy status), the alert or incident will remain assigned to the group.
The automatic assignment runs only once, at the moment the alert or incident is assigned to the user group. If the application cannot assign the alert or incident to a user during this initial attempt, the alert or incident remains assigned to the group. No further attempts to assign the alert or incident are made.
To configure automatic assignment, you must have one of the following XDR roles: Main administrator, SOC administrator, Tenant administrator.
To configure the automatic assignment of alerts and incidents:
The tenant's properties window opens.
Once this value is reached, the analyst is included in the list of users eligible for alert and/or incident assignment. By default, the value is 5.
The automatic assignment is configured.
After an alert or incident is automatically assigned to a user, the assignment information will be displayed in the alert or incident details under the History section. When an alert or incident is automatically assigned, the log records System as the author.