Help Center> SecMaster> User Guide> Threat Operations> Alert Management> Converting an Alert to an Incident or Associating an Alert with an Incident
Updated on 2023-12-22 GMT+08:00
View PDF

Converting an Alert to an Incident or Associating an Alert with an Incident

Scenario

This section describes how to convert an alert to an incident and how to associate an alert with an incident.

Converting an Alert to an Incident

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Alerts.

    Figure 2 Alerts

  5. In the alert list, locate the row that contains the target alert, click Convert to Incident in the Operation column. The Convert to Incident page is displayed on the right.
  6. On the displayed page, set the Incident Type. Retain the default settings for other parameters.

    The incident name is automatically set to the name of the current alert and can be modified.
    Figure 3 Converting an alert to an incident

  7. Click OK.

Associating an Alert with an Incident

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 4 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Alerts.

    Figure 5 Alerts

  5. Associate an alert with an incident.

    1. In the alert list, click the name of the target alert. The Alert Overview slide-out panel is displayed.
    2. In the Basic Information area, click the Associated Incidents tab.
    3. Select the incident you want to associate and click OK in the lower right corner of the page.

  6. Associate multiple alerts to incidents once.

    1. In the alert list, select the alerts you want to associate and click Associated Incidents above the list.
    2. In the dialog box displayed, select the target incidents and click OK.

Parent topic: Alert Management