Updated on 2024-11-21 GMT+08:00

Adding and Editing an Incident

Scenario

This section describes how to add or edit an incident.

Adding an Incident

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Incidents.

    Figure 2 Incidents

  6. On the Incidents page, click Add. On the displayed Add page, set parameters as described in Table 1.

    Table 1 Parameters for adding an incident

    Parameter

    Description

    Basic Information

    Incident Name

    Custom incident name. The value must contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 255 characters

    Type

    Incident type

    (Optional) Service ID

    Enter the service ID corresponding to the incident.

    Incident Severity

    Select a severity level.

    Status

    Select an incident status.

    (Optional) Owner

    Primary owner of the incident.

    Data Source Product Name

    Select the name of the data source product.

    Data Source Type

    Select the type of the data source. For example, if the data source is a cloud service, select the cloud service.

    Timeline

    First Occurrence Time

    Time when the incident occurred first time.

    (Optional) Last Occurrence Time

    Time when the incident occurred last time.

    (Optional) Planned Closure Time

    Time to close the incident.

    Other

    (Optional) Verification Status

    Verification status of the incident to identify the accuracy of the incident.

    (Optional) Stage

    Incident phase.

    • Preparation: Prepare resources to process incidents.
    • Detection and analysis: Detect and analyze the cause of an incident.
    • Containment, extradition, and recovery: Handle an incident.
    • Post Incident Activity: Follow-up activities.

    (Optional) Debugging data

    Whether to enable simulated debugging

    (Optional) Labels

    Label of the incident.

    Description

    Incident description. The value can contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 1,024 characters.

  7. Click OK. The incident is created.

Editing an Incident

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Incidents.

    Figure 4 Incidents

  6. In the incident list, locate the row that contains the target incident and click Edit in the Operation column.
  7. On the Edit page that is displayed, edit incident parameters.

    Table 2 Parameters for editing an incident

    Parameter

    Description

    Basic Information

    Incident Name

    Custom incident name. The value must contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 255 characters

    Incident Type

    Incident type

    (Optional) Service ID

    Enter the service ID corresponding to the incident.

    Incident Level

    Select a severity level.

    Status

    Select an incident status.

    (Optional) Owner

    Primary owner of the incident.

    Data Source Name

    Name of the data source, which cannot be changed

    Data Source Type

    Type of the data source, which cannot be changed

    Timeline

    First Occurrence Time

    Time when the incident occurred first time.

    (Optional) Last Occurrence Time

    Time when the incident occurred last time.

    (Optional) Planned Closure Time

    Time to close the incident.

    Other

    (Optional) Verification Status

    Verification status of the incident to identify the accuracy of the incident.

    (Optional) Phase

    Incident phase.

    • Preparation: Prepare resources to process incidents.
    • Detection and analysis: Detect and analyze the cause of an incident.
    • Contain, extradition, and recovery: Handle an incident.
    • Post Incident Activity: Follow-up activities.

    (Optional) Debugging data

    Whether to enable simulated debugging. This parameter cannot be modified once configured.

    (Optional) Label

    Label of the incident.

    Description

    Incident description. The value can contain:

    • Only uppercase letters, lowercase letters, digits, and the special characters: -_ ()
    • A maximum of 1,024 characters.

  8. Click OK. The incident editing is complete.