View related events and alerts in security incidents

While a security incident is being worked on, you can view the details of related events. You can also view and acknowledge related alerts, and create incidents or security incidents from them as needed.

Before you begin

You must have the Security Incident Response Event Management support plugin activated.

Role required: si.sn_agent

Procedure

  1. Navigate to any security incident list (for example, Security Incident > Incidents > Unassigned Incidents).
  2. If the resources affected by the security incident you are viewing have received alerts or events within the previous 24 hours, one or both of the following related lists appear:
    • Security Incident CI Alerts
    • Security Incident CI Events
  3. Click the related list you want to view.
    | Related list | Description |
    |---|---|
    | Security Incident CI Alerts | You can view details for alerts received within the previous 24 hours. You have the option of clicking Acknowledge to indicate that you are aware of the alert and it is being handled. Use Close to indicate that the alert is not important. |
    | Security Incident CI Events | You can view details for events received within the previous 24 hours. |