Table of Contents
Advertisement
To e-mail an incident:
1 After you save your incident, click the Incidents tab, Incidents > Incidents View.
2 Click the All Incidents option in the Switch View drop-down list located at the bottom right
corner.
3 Double-click an incident.
4 Click Email Incident
5 Provide the following information:
Email Address
Email Subject
Email Message
6 Click OK.
The e-mail messages have HTML attachments that address incident details, events, assets,
vulnerabilities, advisor information, attachment information, incident notes, and incident
history.
3.7 Creating Incidents
To perform this function you must have user permission to create incidents.
This is useful in grouping a set of events together as a whole representing something of interest
(group of similar events or set of different events that indicate a pattern of interest such an attack).
If events are not initially displayed in a newly created incident, it is probably because of a lag in the
time between display in the Real Time Events window and insertion into the database. If this occurs,
it takes a few minutes for the original events to be inserted into the database and display in the
incident.
To create an incident:
1 In a Real Time Event Table of the Navigator or a Snapshot Real Time Event Table, select an
event or a group of events, then right-click and select Create Incident.
2 In the New Incident window, fill in the necessary information in the following tabs:
Events: Shows which events make up the incident
Assets: Show affected assets
icon.
Active Views Tab
63
Advertisement
Table of Contents
