Converting an Alert to an Incident or Associating an Alert with an Incident

Scenario

This section describes how to convert an alert to an incident and how to associate an alert with an incident.

Converting an Alert to an Incident

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 1 Workspace management page
   

4. In the navigation pane on the left, choose Threat Operations > Alerts.
   Figure 2 Alerts
   

5. In the alert list, locate the row that contains the target alert, click Convert to Incident in the Operation column. The Convert to Incident page is displayed on the right.

   In addition, you can click Alert-to-Incident in the upper right corner of the details page of an alarm.

6. On the Convert to Incident page, specify Incident Name and Incident Type.

   The incident name is automatically set to the name of the current alert and can be modified.

7. Click OK.

Associating an Alert with an Incident

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 3 Workspace management page
   

4. In the navigation pane on the left, choose Threat Operations > Alerts.
   Figure 4 Alerts
   

5. In the alert list, select the alerts you want to associate and click Associated Event above the list. The Bind Incident dialog box is displayed.
6. In the dialog box displayed, select the target incidents and click OK.