Assigning incidents to analysts
Assigning incidents to analysts
20 March 2024
ID 221567
As a work item, an incident should be assigned to an SOC analyst for inspection and possible investigation. You can change the assignee at any time. You can also remove the assignee to make the incident unassigned.
Incidents can be assigned only to analysts that have the access right to read and modify alerts and incidents.
To assign one or several incidents to an analyst:
- In the main menu, go to MONITORING & REPORTING → Incidents.
- Select the check boxes next to the incidents that you want to assign to the analyst.
- Click the Assign to button.
- In the Assign to analyst window, start typing the analyst name, and then select the name from the list.
You can select the Not assigned option. In this case, the selected incidents become unassigned and their status changes to New.
- Click the Save button.
The incidents are assigned to the analyst.
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.