Create an incident from an alert When an alert or alert group requires additional work, you can open an incident for it. If Security Incident Response is activated, a security incident can be created. Before you beginRole required: evt_mgmt_admin, evt_mgmt_operator, or evt_mgmt_user About this task You can manually create incidents and security incidents from the Alert form. To prevent duplicate tasks, the system checks the conditions of all task templates before creating an incident. You can customize the created incident using the EvtMgmtCustomIncidentPopulator.populateFieldsFromAlert script include. The customization includes mapping fields from the alert to the incident or aborting the incident creation according to customized conditions. For more information, see Create an incident from an alert. You can populate incident fields using custom alert fields values that where populated from additional information fields. Use the EvtMgmtCustomIncidentPopulator script include to copy the values to the incident after copying the data to the alert, see Populate custom alert fields. Note: If Security Incident Response is activated, the base system includes an alert rule called Create security incidents for critical alerts. This alert rule creates security incidents when critical security events are reported. Procedure Navigate to Event Management > All Alerts. Click the alert Number. To create an incident: To create an incident, click Create Incident. To create a security incident, click Create Security incident. Click Update. ResultThe created incident appears in the Task field of the Alert form.