Manage security incidents and inbound requests

After a security incident has been created, there are numerous types of information that can be added and viewed as your analysis of the issue progresses toward resolution.

Create an inbound request
Unlike security incidents, inbound requests are generally of a lower priority. Requests for a lookup, a scan, or a new badge are examples of inbound requests.

Security incident observables
Observables are artifacts found on a network or operating system that are likely to indicate an intrusion. Typical observables are IP addresses, MD5 hashes of malware files or URLs, or domain names. Threat Intelligence observable table data is available from within a security incident.

Lookups and scans
You can perform lookups and vulnerability scans from security incidents and from the security incident catalog to identify potential threats and vulnerabilities.

On-demand orchestration
During Security Incident Response analysis, a security analyst may want to perform a task that is driven by a security incident workflow, for example, running a process dump on a particular CI. This can be accomplished with on-demand orchestration.

Add incident details to a security incident
After a security incident is created, you can add more details to aid in analysis, such as access roles and different kinds of notes.

Invoke a process dump for an enriched process in Windows
A security analyst can run a process dump on a specific process, dump it into a file, and post it to a shared site on an internal network. An analyst can then view a blacklisted process, highlighted in red in a security incident, and perform additional analysis.

Perform tasks from security incident related links
You can perform several other actions on an existing security incident using the related links.

Calculate the severity of a security incident
You can calculate the severity of a security incident using predefined calculators.

Search for and delete phishing emails on an Exchange server
Deleting phishing emails can help reduce exposure to a specific attack across an organization. You can manage phishing emails on an Exchange Server by searching, granting approvals, and deleting.

Escalate a security incident
If an escalation path exists for a security incident, the Escalate button is available in the security incident header.

Post incident review
Based on the requirements of your business, a review of the origins and handling of security incidents is often needed.

Close security incidents
When a security incident has transitioned to the Review state, you can close it and enter an appropriate closure code. You can search on closure codes later to locate incidents more easily.