Security incidents

Security incidents are created in numerous ways, some manually and others automatically. You can also create response tasks, which define the actual steps to handle the security incident.

If you have a security role, you can use any of the following methods to manually create security incidents.

Table 1. Methods for manually creating security incidents
| Method | Description |
| --- | --- |
| Manually created from the Self-Service Security Incident catalog | You can create security incidents by selecting from categories of security threats defined in the security incident catalog. |
| Manually created from incidents | On the Incident form in incident management, click Create Security Incident to create a new security incident. |
| Manually converted from a security request | On the Security Request form, click Convert to Security Incident to create a new security incident. |
| Manually created from an alert | On the Event Management Alert form, click Create Security Incident to create a new security incident. |
| Manually created from the Security Incident list | New Security Incident Response records can be created using the Create New module on the navigation bar. |
| Manually converted from a vulnerability record (if the Vulnerability Response plugin is activated) | On the Vulnerability Items form, click Create Security Incident to create a new security incident. |

Automatic creation of security incidents

Generally, security admins are responsible for setting up alert rules used to automatically generate security incidents.

Table 2. Security admin method for creating security incidents
| Method | Description |
| --- | --- |
| Automatically created using alert rules | Security incidents can be created based on alert rules defined in the Event management in your data center application. |