4.4 Manage Incidents

You can perform the following activities related to Incidents:

4.4.1 Creating Incidents

To create an Incident:

  1. Click Incidents > Create Incident, or click Create Incident button on the Tool Bar. The New Incident window displays.

  2. Specify the following information:

    • Title: Specify the Title of the Incident.

    • State: To set state of the incident, select from the drop-down list.

    • Severity: To mention the severity of the incident, select from the drop-down list.

    • Priority: To mention the priority of the incident, select from the drop-down list.

    • Category: Specify the category of the Incident.

    • Responsible: To assign the responsibility to investigate and close the incident, select from the drop-down list.

    • Description: Specify the description of the Incident in the text area.

    • Resolution: Specify the resolution description in the text area.

  3. Click Create. The Incident ID automatically generates after you click Create.

NOTE:For more information on creating an incident grouping events, see Creating Incident in “Active Views Tab” section.

4.4.2 Viewing an Incident

To open an Incident

  1. Click Incidents > Display Incident View Manager or click Display Incident View Manager button on the Tool Bar.

  2. Open an Incident by:

    • Selecting a view from the Switch Views button in the bottom right corner.

    • Double click an incident in the Incident View Manager window.

4.4.3 Attaching Workflows to Incidents

To attach a workflow to an Incident:

  1. Open an incident.

  2. In the Incident window, click iTRAC Tab.

  3. Select an iTRAC process from the drop-down list.

  4. Click Save.

NOTE:You can attach only one process to an incident.

4.4.4 Adding Notes to Incidents

To add a note to an Incident:

  1. In the Incident window, click Notes Tab.

  2. Click Add. Add Notes to Incident window displays.

  3. Provide your notes and click OK.

  4. Click Save.

NOTE:To edit or delete the note, select a note in the Notes tab of the Incident window, right-click the note and select edit or delete.

4.4.5 Adding Attachments to Incidents

To add an attachment to Incident:

  1. In the Incident window, click Attachments Tab.

  2. Click Add. Add Attachment to Incident window displays.

  3. Click Browse, navigate to the attachment, and select it.

  4. Provide the following information, or accept the default entries:

    • Name

    • Description

    • Type

    • Subtype

    Click OK, click Save.

    NOTE:Right-click the attachment to view or save.

4.4.6 Executing Incident Actions

Any configured Javascript action or iTRAC activity can be executed on an incident.

To execute an incident action:

  1. Open an Incident.

  2. Click Execute Incident Action or select Actions>Execute Incident Action.

    The Execute Incident Action window displays.

  3. Select an Action or click Add Action to create a new one.

  4. Click Execute. If the action is a Javascript Action, a window opens to show the progress of the action.

  5. To add the command output to the Incident, click Attach to Incident.

    The action output is saved and can be viewed from the Attachments tab of the Incident.

4.4.7 Emailing an Incident

To mail an incident using the preinstalled Email Incident action, you must have an SMTP Integrator is configured with valid connection information and with the property SentinelDefaultEMailServer set to “true”. For more information, see “SMTP Integrator” documentation available at Novell website.

To email an Incident:

  1. Open an incident.

  2. Click Email Incident button.

    The Email Incident window displays.

  3. Provide:

    • Email Address

    • Email Subject

    • Email Message

  4. Select which HTML attachments should be included in the mail message: the events included in the incident, assets, vulnerabilities, Advisor attacks, incident history, attachments, and notes.

  5. Click OK.

4.4.8 Modifying Incidents

To edit an Incident:

  1. Click Incident tab. Click Incidents > Display Incident View. Alternatively, click Display Incident View button on the Tool Bar. Incident View window displays with the list of incidents.

  2. Right-click the incident you want to edit and select Modify.

  3. Incident window displays. Edit the following information:

    • Title

    • State

    • Severity

    • Priority

    • Category

    • Responsible

    • Description

    • Resolution

  4. Click Save.

    NOTE:Save button gets active only if you modify any information in Incidents screen.

4.4.9 Deleting Incidents

To delete an Incident:

  1. Click Incident tab. Click Incidents > Display Incident View Manager, or click Display Incident View button on the Tool Bar. The Incident View window displays.

  2. Right-click the incident you want to delete and select Delete.

  3. A confirmation Message displays. Select Yes.