Create an incident in Splunk Mission Control
All of your Splunk Enterprise Security (Cloud) notable events are automatically ingested into Splunk Mission Control as incidents. You can also create incidents manually.
To manually create an incident in Splunk Mission Control, do the following:
- Select Incident review on the menu bar in Splunk Mission Control.
- Select + Incident.
- Enter a name for the incident in the Name field.
- (Optional) Select Advanced to configure some incident fields.
  - (Optional) Change the default status.
  - (Optional) Change the default urgency.
  - (Optional) Change the default sensitivity for the incident based on the US-CERT TLP.
  - (Optional) Change the default incident type to associate an incident with another area of Splunk Mission Control, such as a response template. See Create incident types.
  - (Optional) Change the default disposition value to reflect the classification of the incident.
  - (Optional) Enter a description for the incident.
- Select Submit to save and create the incident.
After you create an incident, you can start investigating it. See Investigate an incident in Splunk Mission Control.
When an incident is created in Splunk Mission Control with summary data, all active playbooks that operate on the incident type for that incident are triggered to run automatically. To learn more about incident types, see Create incident types.
This documentation applies to the following versions of Splunk® Mission Control: Current