5.4 Manage Incidents

You can perform the following activities related to incidents:

5.4.1 Creating Incidents

  1. Click Incidents > Create Incident, or click the Create Incident button on the toolbar. The New Incident window displays.

  2. Specify the following information:

    • Title: Specify the title of the incident.

    • State: To set state of the incident, select from the drop-down list.

    • Severity: To indicate the severity of the incident, select from the drop-down list.

    • Priority: To indicate the priority of the incident, select from the drop-down list.

    • Category: Specify the category of the incident.

    • Responsible: To assign the responsibility to investigate and close the incident, select from the drop-down list.

    • Description: Specify the description of the incident in the text area.

    • Resolution: Specify the resolution description in the text area.

  3. Click Create.The incident ID automatically generates after you click Create.

For more information on creating an incident and grouping events, see Section 3.7, Creating Incidents.

5.4.2 Viewing an Incident

  1. Click Incidents > Display Incident View Manager or click the Display Incident View Manager button on the toolbar.

  2. Open an incident by doing one of the following:

    • Selecting a view from the Switch Views button in the bottom right corner.

    • Double-click an incident in the Incident View Manager window.

5.4.3 Attaching Workflows to Incidents

  1. Open an incident.

  2. In the Incident window, click the iTRAC tab.

  3. Select an iTRAC process from the drop-down list.

  4. Click Save.

NOTE:You can attach only one process to an incident.

5.4.4 Adding Notes to Incidents

  1. In the Incident window, click the Notes tab.

  2. Click Add. The Add Notes to Incident window displays.

  3. Provide your notes and click OK.

  4. Click Save.

NOTE:To edit or delete the note, right-click a note in the Notes tab of the Incident window and select Edit or Delete.

5.4.5 Adding Attachments to Incidents

  1. In the Incident window, click the Attachments tab.

  2. Click Add.The Add Attachment to Incident window displays.

  3. Click Browse, navigate to the attachment, and select it.

  4. Provide the following information, or accept the default entries:

    • Name

    • Description

    • Type

    • Subtype

  5. Click OK, then click Save.

    Right-click the attachment to view or save.

5.4.6 Executing Incident Actions

Any configured JavasScript action or iTRAC activity can be executed on an incident.

  1. Open an incident.

  2. Click Actions > Execute Incident Action or click Execute Incident Action icon.

    The Execute Incident Action window displays.

  3. Select an action or click Add Action to create a new one.

  4. Click Execute. If the action is a JavaScript action, a window opens to show the progress of the action.

  5. To add the command output to the incident, click Attach to Incident.

    The action output is saved and can be viewed from the Attachments tab of the incident.

5.4.7 E-Mailing an Incident

To mail an incident by using the preinstalled Email Incident action, you must have an SMTP Integrator configured with valid connection information and with the SentinelDefaultEMailServer property set to “true”. For more information, see the SMTP Integrator documentation available at the Novell Sentinel Content Web site.

  1. Open an incident.

  2. Click the Email Incident button to display the Email Incident window.

  3. Provide the following:

    • Email Address

    • Email Subject

    • Email Message

  4. Select which HTML attachments should be included in the mail message, such as the events included in the incident, assets, vulnerabilities, Advisor attacks, incident history, attachments, and notes.

  5. Click OK.

5.4.8 Modifying Incidents

  1. Click the Incident tab, then click Incidents > Display Incident View. Alternatively, click the Display Incident View button on the toolbar. The Incident View window displays with the list of incidents.

  2. Right-click the incident you want to edit and select Modify.

  3. The Incident window displays. Edit the following information:

    • Title

    • State

    • Severity

    • Priority

    • Category

    • Responsible

    • Description

    • Resolution

  4. Click Save.

    Save button is active only if you modify any information in the Incidents window.

5.4.9 Deleting Incidents

  1. Click the Incident tab, then.click Incidents > Display Incident View Manager, or click the Display Incident View button on the toolbar. The Incident View window displays.

  2. Right-click the incident you want to delete and select Delete.

  3. A confirmation Message displays. Select Yes.