To view information about an incident:
This opens a window containing information about the incident.
Some incident parameters are editable.
In the upper part of the Incident details window, there is a toolbar and the name of the user to whom the incident is assigned. The window sections are displayed as tabs. You can click a tab to move to the relevant section. In this window, you can process the incident: assign it to a user, combine it with another incident, or close it.
The Description section contains the following data:
You can change the name of an incident by entering a new name in the field and clicking Save. The name must contain 1 to 128 Unicode characters.
The tenant can be changed by selecting the required tenant from the drop-down list and clicking Save.
Priority can be changed by selecting the required value from the drop-down list and clicking Save.
To change the description, edit the text in the field and click Save. The description can contain no more than 256 Unicode characters.
The list of available tenants can be changed by checking the boxes next to the required tenants in the drop-down list and clicking Save.
The Related alerts section contains a table of alerts related to the incident. When you click on the alert name, a window opens with detailed information about this alert.
The Related endpoints and Related users sections contain tables with data on assets and users related to the incident. This information comes from alerts that are related to the incident.
You can add data to the tables in the Related alerts, Related endpoints and Related users sections by clicking the Link button in the appropriate section and selecting the object to be linked to the incident in the opened window. If required, you can unlink objects from the incident. To do this, select the objects as required, click Unlink in the section to which they belong, and save the changes. If objects were automatically added to the incident, they cannot be unlinked until the alert mentioning those objects is unlinked. The composition of the fields in the tables can be changed by clicking the button in the relevant section. You can search the data in the tables of these sections using the Search fields.
The Change log section contains a record of the changes you and your users made to the incident. Changes are automatically logged, but it is also possible to add comments manually.
In the RuCERT integration section, you can monitor the incident status in RuCERT. In this section, you can also export incident data to RuCERT, send files to RuCERT, and exchange messages with RuCERT experts.
If incident settings have been modified on the RuCERT side, a corresponding notification is displayed in the incident window in KUMA. In this case, for the settings whose values were modified, the window displays the values from KUMA and the values from RuCERT.