How to add an alert to an incident?

Objective 

The purpose of this article is to guide users through the process of adding an alert(s) to an incident in ManageEngine EventLog Analyzer. This functionality helps streamline incident management by associating relevant alerts with an incident.

Steps to follow 

Step 1: Navigate to the Alerts section and select the desired alert(s)
  • Navigate to the Alerts tab > Alerts.
  • Select the checkbox next to the alert(s) you wish to include in an incident. You can select multiple alerts if needed.
  • Use the filter option to narrow the list to the alert(s) that match the criteria you want to associate with an incident.
Step 2: Add to Incident  
  • Once selected, click the "Add to Incident" button at the top of the alert list.
  • In the pop-up that appears, choose one of the following:
    • Existing Incident(s): To link the alert(s) to an existing incident.
    • Add New Incident: To create a new incident and associate the alert(s).
  • If you are creating a new incident, provide the necessary details: Incident Name, Description, Assignee, Severity, Status, Due Date, and Notes (optional).
  • Click Create to complete the action.
Step 3: View Associated Incidents  
  • Navigate to the Alerts tab > Incident to view the incident details.
  • You can also navigate to the Incident Overview tab under the Dashboard. This section offers a centralized view of all incidents, with clear insight into active, overdue, and recent incidents, so teams can monitor and manage incident activity efficiently.

Tips 

You can also configure Incident Rules to automate the creation of incidents, enabling more streamlined and efficient incident management. EventLog Analyzer allows you to define incident rules based on specific criteria such as Alert Profile, Device, or Device Group. When the configured threshold (i.e., a specified number of alerts within a defined time window) is met, an incident is automatically generated.
Steps to Create an Incident Rule
  1. Navigate to the Alerts tab > Incident > Incident Rule > + Add Incident Rule.
  2. Provide a name and a description for the incident rule.
  3. Assign the incident to an admin or a technician using the Assign To drop-down menu.
  4. Choose the appropriate Severity level: Attention, Critical, or Trouble.
  5. Specify the threshold value: an incident is generated when the defined number of alerts is triggered within the set time window.
  6. In the Criteria section, define the conditions based on Device, Device Group, or Alert Profile. You can add multiple fields using the + icon, and combine conditions using the AND/OR logical operators.
  7. Click Save to finalize the incident rule.
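To make the threshold and criteria semantics above concrete, the following added example (not EventLog Analyzer's own code) replays a constructed set of alerts through a rule of the same shape: an Alert Profile condition joined with Device and Device Group conditions using AND/OR, a threshold of 3 alerts, and a 10-minute window. The alert records, the rule, and the assumption that alerts consumed by one incident are not counted again are all constructed for illustration.

```python
"""Illustration of incident-rule evaluation in the style described above:
count alerts that match a criteria expression inside a sliding time window
and open an incident when the threshold is reached. Added example; this is
not EventLog Analyzer code, and the sample alerts are constructed."""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Deque, Dict, List


@dataclass(frozen=True)
class Alert:
    time: datetime
    alert_profile: str
    device: str
    device_group: str


# A criterion is any predicate over an Alert. These helpers model the
# Device / Device Group / Alert Profile conditions and the AND/OR joins.
Criterion = Callable[[Alert], bool]


def field_is(name: str, value: str) -> Criterion:
    return lambda a: getattr(a, name) == value


def all_of(*conds: Criterion) -> Criterion:  # AND
    return lambda a: all(c(a) for c in conds)


def any_of(*conds: Criterion) -> Criterion:  # OR
    return lambda a: any(c(a) for c in conds)


@dataclass
class IncidentRule:
    name: str
    assign_to: str
    severity: str       # Attention, Critical or Trouble
    threshold: int      # this many matching alerts ...
    window: timedelta   # ... within this time span
    criteria: Criterion


@dataclass
class Incident:
    rule: str
    assign_to: str
    severity: str
    alerts: List[Alert]


def apply_rules(alerts: List[Alert], rules: List[IncidentRule]) -> List[Incident]:
    """Replay alerts in time order and emit incidents.

    Assumption (not stated in the article): alerts that trigger an incident
    are consumed, so a burst of 2*threshold alerts opens two incidents rather
    than one per alert beyond the threshold.
    """
    incidents: List[Incident] = []
    recent: Dict[str, Deque[Alert]] = {r.name: deque() for r in rules}
    for alert in sorted(alerts, key=lambda a: a.time):
        for rule in rules:
            if not rule.criteria(alert):
                continue
            q = recent[rule.name]
            q.append(alert)
            # Drop matches that have aged out of the window.
            while q and alert.time - q[0].time > rule.window:
                q.popleft()
            if len(q) >= rule.threshold:
                incidents.append(Incident(rule.name, rule.assign_to, rule.severity, list(q)))
                q.clear()
    return incidents


def demo() -> List[Incident]:
    t0 = datetime(2024, 1, 15, 9, 0, 0)
    # Constructed sample alerts: three failed logons on dc01 within 4 minutes,
    # one more 30 minutes later, plus two alerts the criteria must ignore.
    alerts = [
        Alert(t0 + timedelta(minutes=m), "Failed Logon", "dc01", "Domain Controllers")
        for m in (0, 2, 4, 30)
    ] + [
        Alert(t0 + timedelta(minutes=1), "Failed Logon", "ws-17", "Workstations"),
        Alert(t0 + timedelta(minutes=3), "Service Stopped", "dc01", "Domain Controllers"),
    ]
    rule = IncidentRule(
        name="Brute force against domain controllers",  # hypothetical rule name
        assign_to="soc-analyst",
        severity="Critical",
        threshold=3,
        window=timedelta(minutes=10),
        criteria=all_of(
            field_is("alert_profile", "Failed Logon"),
            any_of(field_is("device_group", "Domain Controllers"), field_is("device", "dc01")),
        ),
    )
    return apply_rules(alerts, [rule])


if __name__ == "__main__":
    for inc in demo():
        print(inc.rule, inc.severity, [a.time.strftime("%H:%M") for a in inc.alerts])
```

Running it yields exactly one Critical incident holding the 09:00, 09:02 and 09:04 alerts; the workstation and Service Stopped alerts fail the criteria, and the 09:30 alert sits alone in a fresh window. The same structure is useful for sanity-checking a rule before saving it: if your sample data produces no incident, the threshold or window is too tight, and if it fires on every alert, the criteria are too broad.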
You can also automate incident response using incident workflows.

An incident workflow outlines the sequence of steps to be taken following a security incident. EventLog Analyzer enables you to define and associate incident workflows with security alerts; these workflows are automatically executed when alerts are triggered. By automating standard response measures through these workflows, you save a great deal of time and effort while also minimizing or eliminating potential damage.
Steps to Enable Workflow for an Alert Profile
  1. Navigate to the Alerts tab > Alerts.
  2. Click on Manage Alert Profiles.
  3. Search and locate the alert profile for which you want to enable the workflow.
  4. Hover your cursor over the desired alert profile name and click on the update icon that appears next to it.
  5. In the alert profile configuration screen, click Workflow.
  6. Enable the checkbox labeled Enable Workflow.
  7. From the dropdown, select the workflow you want to associate with this alert profile. You can select a predefined workflow or create a custom one by clicking Add New Workflow.
  8. Click Update to apply the changes.

Related topics and articles 

  1. Help Guide: Incident management
  2. Help Guide: Steps to map search results as incidents
  3. Help Guide: Steps to map reports as incidents
  4. Help Guide: Incident workflow management