Splunk® Mission Control

Investigate and Respond to Threats in Splunk Mission Control

Create an incident in Splunk Mission Control

You can create incidents in Splunk Mission Control using the following process. All of your Splunk Enterprise Security (Cloud) notable events are automatically ingested into Splunk Mission Control as incidents.

To manually create an incident in Splunk Mission Control, do the following:

  1. Select Incident review on the menu bar in Splunk Mission Control.
  2. Select + Incident.
    1. Enter a name for the incident in the Name field.
    2. (Optional) Select Advanced to configure some incident fields.
    3. (Optional) Change the default status.
    4. (Optional) Change the default urgency.
    5. (Optional) Change the default sensitivity for the incident based on the US-CERT Traffic Light Protocol (TLP).
    6. (Optional) Change the default incident type to associate an incident with another area of Splunk Mission Control, such as a response template. See Create incident types.
    7. (Optional) Change the default disposition value to reflect the classification of the incident.
    8. (Optional) Enter a description for the incident.
  3. Select Submit to save and create the incident.

After you create an incident, you can start investigating it. See Investigate an incident in Splunk Mission Control.

When an incident is created in Splunk Mission Control with summary data, all active playbooks that operate on the incident type for that incident are triggered to run automatically. To learn more about incident types, see Create incident types.

Last modified on 12 April, 2023

This documentation applies to the following versions of Splunk® Mission Control: Current
