Security incidents

Security incidents can be created in numerous ways, some manually and others automatically. Additionally, you can create response tasks, which define the actual steps needed to handle the security incident.

If you have any security role, you can use any of the following methods for manually creating security incidents.

Table 1. Methods for manually creating security incidents
Method Description
Manually created from the Self-Service Security Incident catalog You can create security incidents by selecting from categories of security threats defined in the security incident catalog.
Manually created from incidents On the Incident form in incident management, click Create Security Incident to create a new security incident.
Manually converted from a security request On the Security Request form, click Convert to Security Incident button to create a new security incident.
Manually converted from an existing alert On the Event Management Alert form, click Create Security Incident to create a new security incident.
Manually created from the Security Incident list New security incident response (SIR) records can be created using the Create New module on the navigation bar.
Manually converted from a vulnerability record (if the Vulnerability Response plugin is activated) On the Vulnerability Items form, click Create Security Incident button to create a new security incident.

Automatic creation of security incidents

Generally, security admins will be responsible for setting up alert rules used to automatically generate security incidents.

Table 2. Security admin method for creating security incidents
Method Description
Automatically created using alert rules Security incidents can be created based on alert rules defined in the Event Management application.