Security incidents

Security incidents are created in numerous ways, some manually and others automatically. You can also create response tasks, which define the actual steps to handle the security incident.

If you have a security role, you can use any of the following methods to manually create security incidents.

Table 1. Methods for manually creating security incidents
Method Description
Manually created from the Security Incident list On the Security Incident list, click New to create a new security incident.
Manually created from the Security Incident Catalog You can create security incidents by selecting from categories of security threats defined in the security incident catalog.
Manually created from incidents On the Incident form in incident management, click Create Security Incident to create a new security incident.
Manually converted from a security request On the Security Request form, click Convert to Security Incident to create a new security incident.
Manually created from an Event Management alert On the Event Management Alerts form, click Create Security incident to create a new security incident from an alert.
Manually created from an alert On the Event Management Alert form, click Create Security Incident to create a new security incident.
Manually converted from a vulnerability record (if the Vulnerability Response plugin is activated) On the Vulnerability Items form, click Create Security Incident to create a new security incident.

Automatic creation of security incidents

Generally, security administrators are responsible for setting up alert rules used to automatically generate security incidents.

Table 2. Security admin method for creating security incidents
Method Description
Automatically created using alert rules Security incidents can be created based on alert rules defined in the Event management in your data center application.