Creating Incidents

Creating a custom incident bypasses all incident rules and is a convenient way to flag a user and/or device when you deem it necessary. Custom incidents can revoke data access and provide a data recovery point.

Type - Defaults to Security/Incident, but can be changed to a custom value.

Threat Level - (Optional) Indicates the severity of the incident on a scale of 0-10, where a higher value means a more severe incident.

User - (Optional) Select a user to block from system-wide access.

IP Address - (Optional) Provide an IP address to block from system-wide access.

Dataset - (Optional) Select a Dataset/Pool to reference with this incident. Specifying a location will not limit the scope of the block.

Add Note - (Optional) Provide a reference note to include with this incident.

Example 1. Creating an incident to block John Doe for investigation
  1. Navigate to the Incidents - Summary Page.

  2. Click Create Incident to open the dialog.

  3. Click Select User and search for John’s username, jdoe@racktoplabs.com.

  4. Click on the correct John to block and click Select User.

  5. Check the box labeled Block User to apply an access block to John Doe.

  6. Click Create to finalize the custom incident.