Click in the Sentinel Control Center. For more information, see Section 12.1, Accessing Incidents.
From the menu, click >
or
Click the button in the toolbar.
Select the desired Incident in the Incidents View window.
When you view an Incident, you see the tabs listed below, where you can perform Incident-related activities. As you investigate and remediate an Incident, additional information can be added to these tabs.
Events: Lists events attached to this Incident. For more information, see Section 2.5.4, Creating an Incident.
Assets: Lists assets affected by the events of this Incident.
Vulnerability: Lists asset vulnerabilities.
Advisor: Displays Asset attack and alert information.
iTRAC: Allows you to add a workflow to the Incident.
History: Lists the activities performed on the current Incident.
Attachments: Allows you to add an attachment to the Incident created in the system.
Notes: Allows you to add notes to the Incident.
In the Incidents View window, select the desired Incident.
Click the tab.
Select a workflow from the iTRAC process drop-down list.
For more information about workflows, see Section 13.0, Configuring iTRAC Workflows.
Click .
You can attach only one workflow to an Incident.
In the Incidents View window, select the desired Incident.
Click the tab, then click .
Click , then navigate to the attachment and select it.
Specify the required information, or accept the default entries.
Click , then click .
You can right-click the attachment to view it or save it to your local hard drive.
In the Incidents View window, select the desired Incident.
Click the tab, then click .
Specify your notes, then click .
Click to update the Incident.
To edit or delete the note, select a note in the tab of the Incident window, right-click the note, then select or .

Any configured JavaScript action or iTRAC activity can be executed on an Incident.
In the Incidents View window, select the desired Incident.
In the menu, click > .
or
Click the button.
Select an Action or click the button to create a new one.
Click .
If the action is a JavaScript Action, a window opens to show the progress of the action.
To add the command output to the Incident, click the button.
The action output is saved and can be viewed from the tab of the Incident.

To e-mail an Incident using the preinstalled E-mail Incident action, you must have an SMTP Integrator configured with valid connection information and with the property SentinelDefaultEMailServer set to “true”. For more information, see the SMTP Integrator documentation available at the Sentinel Plug-in Web site.
In the Incidents View window, select the desired Incident.
Click the icon.
Specify the required information.
Select which HTML attachments should be included in the mail message: the events included in the incident, assets, vulnerabilities, Advisor attacks, incident history, attachments, and notes.
Click .