Incidents
- SOCaaP will generate an 'Incident' when it identifies events which match a correlation rule. Correlation rules are defined per-customer and can be configured in the 'Rules' section.
- Incidents are assigned to the user who is handling/supporting the customer.
- An incident remains open until the user closes it.
- Admins can manually add incidents and assign them to users if certain tasks are required on a customer network.
- The number of open incidents is shown beside the notification icon in the title bar.
The 'Incidents' menu allows users to manage incidents.
To open the incidents interface:
- Click the menu button at top-right and choose 'Incidents'.
The following sections explain more about:
- Manage Incidents
- Incident Category Management
- Category Action Management