Managing Incidents

Current incidents are listed on the Incidents page. Click an incident in the list to see its details. Use the tools on the Incident Details page to monitor the incident until you're able to change its status to Closed or Dismissed.

On the Incident Details page, you can:

• Change the incident's status: New, Investigating, On Hold, Closed, or Dismissed.

• View the impact summary for the incident: How many users, locations, and applications does it affect?

• Add a note to the incident to document its cause and how it is being addressed.

• View the incident's Activity Log, which lists all the detections and user actions associated with it.

• Share the incident with other users by copying the link to the incident details and pasting it into a message of your choice.

• View the latest runbook analysis of the incident.