Create Custom Incident Status
Administrators can configure custom status for incidents based on the security policies of an organization, such as In Progress, Pending, Awaiting Forensics, and more. The added custom status reflects in all incidents. Users can move incidents to a custom status from the incident listing and incident details pages. This enables security teams to define fine-grained incident lifecycle management process.
Note
In addition to the default incident status (Open, Close, and Merged), you can create a maximum of 10 custom incident status.
Before you Start
You must have Create/Update permission for Form Management to add a custom incident status.
Steps
To add a custom incident status, do the following:
Go to Admin Panel > Form Management > Incident.
Click the vertical ellipses next to the Incident tab and select Manage Status.
Click Add Status and enter a unique status name. For example, In Progress. The name of the status supports a maximum of 20 characters that includes alphabets, numbers, spaces and special characters.
Click Save.
Note
The new status applies to all incidents instantaneously.
Click Done to exit Manage Status.
Users can now move incidents to the newly added status.
Manage Incident Status
You can perform the following activities to manage incident status:
Edit a status to update the status name. The updated status name reflects in all incidents instantaneously.
Delete a status.
Note
You can delete a status if there is no incident linked to it.
If the deleted status is associated with a rule in the Rule Engine, then the rule is disabled automatically. You can find the disabled rules under Admin Panel > Rule Engine (Beta).
Reorder to display the incident status in a specific sequence.
Note
Open and Closed are the default start and end status respectively and you cannot reorder them.
Merged and Paused status are unique and not displayed in Manage Status.
Users cannot move incidents to the Open status when they are in a custom status.