Updated on 2023-12-22 GMT+08:00

Adding or Editing an Incident

Scenario

This section describes how to add or edit an incident.

Adding an Incident

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Incidents.

    Figure 2 Incidents

  5. On the Incidents page, click Add. On the displayed Add page, set parameters as described in Table 1.

    Table 1 Parameters for adding an incident

    Parameter

    Description

    Basic Information

    Incident Name

    Custom incident name. The value must contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 255 characters

    Incident Type

    Incident type

    (Optional) Service ID

    Enter the service ID corresponding to the incident.

    Incident Level

    Severity level. The options are Tips, Low, Medium, High, and Fatal.

    Status

    Incident status. The options are Open, Blocked, and Closed.

    Data Source Name

    Data source name

    Data Source Type

    Type of the data source. The options are Huawei, Third-party, and Tenant.

    (Optional) Owner

    Primary owner of the incident.

    Timeline

    First Occurrence Time

    Time when the incident occurred first time.

    (Optional) Last Occurrence Time

    Time when the incident occurred last time.

    (Optional) Planned Closure Time

    Time to close the incident.

    Other

    (Optional) Verification Status

    Verification status of the incident to identify the accuracy of the incident. The options are Unknown, Positive, and False positive.

    (Optional) Stage

    Incident phase.

    • Preparation: Prepare resources to process incidents.
    • Detection and analysis: Detect and analyze the cause of an incident.
    • Contain, extradition, and recovery: Handle an incident.
    • Post Incident Activity: Follow-up activities.

    (Optional) Debugging data

    Whether to enable simulated debugging

    (Optional) Label

    Label of the incident.

    Description

    Incident description. The value can contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 1,024 characters.

  6. Click OK. The incident is created.

Editing an Incident

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Incidents.

    Figure 4 Incidents

  5. In the incident list, locate the row that contains the target incident and click Edit in the Operation column.
  6. On the Edit page that is displayed, edit incident parameters.

    Table 2 Parameters for editing an incident

    Parameter

    Description

    Basic Information

    Incident Name

    Custom incident name. The value must contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 255 characters

    Incident Type

    Incident type

    (Optional) Service ID

    Enter the service ID corresponding to the incident.

    Incident Level

    Severity level. The options are Tips, Low, Medium, High, and Fatal.

    Status

    Incident status. The options are Open, Blocked, and Closed.

    Data Source Name

    Name of the data source, which cannot be changed

    Data Source Type

    Type of the data source, which cannot be changed

    (Optional) Owner

    Primary owner of the incident.

    Timeline

    First Occurrence Time

    Time when the incident occurred first time.

    (Optional) Last Occurrence Time

    Time when the incident occurred last time.

    (Optional) Planned Closure Time

    Time to close the incident.

    Other

    (Optional) Verification Status

    Verification status of the incident to identify the accuracy of the incident. The options are Unknown, Positive, and False positive.

    (Optional) Phase

    Incident phase.

    • Preparation: Prepare resources to process incidents.
    • Detection and analysis: Detect and analyze the cause of an incident.
    • Contain, extradition, and recovery: Handle an incident.
    • Post Incident Activity: Follow-up activities.

    (Optional) Debugging data

    Whether to enable simulated debugging. This parameter cannot be modified once configured.

    (Optional) Label

    Label of the incident.

    Description

    Incident description. The value can contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 1,024 characters.

  7. Click OK. The incident editing is complete.