Sending an incident to the Incident Response team for additional investigation

You can send an incident to the Incident Response team for investigation. This service covers the complete set of response actions, from initial analysis and early response actions through detecting additional signs of attack and preparing a plan to eliminate possible consequences.

When you pay for a subscription to the service, you obtain a number of investigation hours. You spend investigation hours when you send an incident to the Incident Response team. If you do not have available investigation hours, you can still send an incident for investigation by purchasing a commercial service and creating a request manually.

You receive investigation results in the incident's Communication tab.

To send an incident to IR Retainer:

  1. In the MDR Web Console window, navigate to the Incidents menu item.

    The incident list opens.

  2. Click the row of the incident that you want to send to the Incident Response team.

    The incident page opens.

  3. On the Summary tab, in the Actions section, do one of the following:
    • If you have investigation hours, click the Escalate incident to the IR team button, and then confirm that you want to send the incident to IR Retainer.
    • If you do not have investigation hours, click the link, and then fill out the request creation form to purchase a commercial service.

The incident is sent. The Incident Response team experts will contact you through MDR Console as soon as possible after they receive the incident.
