Adding new incidents in MDR Web Console
February 12, 2024
This feature is available only for the MDR Expert and MDR Advanced (available in some regions only) licenses.
If you consider some activity in your infrastructure to be a threat but Kaspersky Managed Detection and Response did not create an incident automatically, you can add a new incident manually.
According to the terms of the service level agreement (SLA), the number of manually created incidents that are eligible for processing by the security team is limited. Information about the limitations is available on the MDR Usage tab in Kaspersky Security Center. On this tab, you can track the usage of the manually created incidents for the current period (for example, for the current week):
- The total number of incidents that you can create for the current period. These incidents are to be processed by the security team, according to the SLA. You can create more incidents than specified in the MDR Agreement, but compliance with the SLA time frames is not guaranteed for processing of such incidents.
- The remaining number of incidents that you can create for the current period.
To add a new incident:
- In the MDR Web Console window, navigate to the Incidents menu item.
The incident list opens.
- In the upper part of the window, click the Add button.
The new incident block appears.
- Fill in the following fields:
- If necessary, fill in the Tenant field.
For the Tenant field, tenants that already exist in Console and the Root without tenants value are suggested.
- Click the Send button.
The new incident block disappears.
The new incident is added to the incident list in MDR Web Console. You can view detailed information about this incident and the processing responses to it.