How to add an alert to an incident?
Objective
The purpose of this article is to guide users through the process of adding an alert(s) to an incident in ManageEngine EventLog Analyzer. This functionality helps streamline incident management by associating relevant alerts with an incident.
Steps to follow
Step 1: Navigate to the Alerts Section and select the Desired Alert(s)
- Navigate to the Alerts Tab > Alerts.
- Select the checkbox next to the alert(s) you wish to include in an incident. You can select multiple alerts if needed.
- Use the filter option to filter the alert(s) based on the specific criteria that you want to associate with an incident.
Step 2: Add to Incident
- Once selected, click the "Add to Incident" button at the top of the alert list.
- In the pop-up that appears, choose one of the following:
- Existing Incident(s): To link the alert(s) to an existing incident.
- Add New Incident: To create a new incident and associate the alert(s).
- Provide necessary details such as Incident Name, Description, Assignee, Severity, Status, Due Date, and Notes if needed (if creating a new incident).
- Click Create to complete the action.
Step 3: View Associated Incidents
- Navigate to the Alerts tab > Incident to view the incident details.
- You can also navigate to the Incident Overview tab under the Dashboard. This section offers a centralized view of all incidents, giving clear insights into active, overdue, and recent incidents. It enables teams to monitor efficiently and manage incident activity.
Tips
You can also configure Incident Rules to automate the creation of incidents, enabling more streamlined and efficient incident management. EventLog Analyzer allows you to define incident rules based on specific criteria such as Alert Profile, Device, or Device Group. When the configured threshold (i.e., a specified number of alerts within a defined time window) is met, an incident is automatically generated.
Steps to Create an Incident Rule
- Navigate to the Alerts Tab β Incident β Incident Rule β + Add Incident Rule.
- Provide a name and a description for the incident rule.
- Assign the incident to an admin or a technician using the Assign To drop-down menu.
- Choose the appropriate Severity level: Attention, Critical, or Trouble.
- Specify the threshold valueβan incident will be generated when the defined number of alerts is triggered within the set time window.
- In the Criteria section, define the conditions based on Device, Device Group, or Alert Profile. You can add multiple fields using the + icon, and combine conditions using AND/OR logical operators.
- Click Save to finalize the incident rule.
You can also automate the incident response using incident workflows
An incident workflow outlines the sequence of steps to be taken following a security incident. EventLog Analyzer enables you to define and associate incident workflows with security alerts; these workflows are automatically executed when alerts are triggered. By automating standard response measures through these workflows, you save a great deal of time and effort while also minimizing or eliminating potential damage.
An incident workflow outlines the sequence of steps to be taken following a security incident. EventLog Analyzer enables you to define and associate incident workflows with security alerts; these workflows are automatically executed when alerts are triggered. By automating standard response measures through these workflows, you save a great deal of time and effort while also minimizing or eliminating potential damage.
Steps to Enable Workflow for an Alert Profile
- Navigate to the Alerts tab > Alerts.
- Click on Manage Alert Profiles.
- Search and locate the alert profile for which you want to enable the workflow.
- Hover your cursor over the desired alert profile name and click on the update icon that appears next to it.
- In the alert profile configuration screen, Click on Workflow
- Enable the checkbox labeled Enable Workflow.
- From the dropdown, select the workflow you want to associate with this alert profile. you can select the predefined workflow or you can create a custom workflow by clicking on Add New Workflow.
- Click update to apply the changes.
Related topics and articles
- Help Guide: Incident management
- Help Guide: Steps to map search results as incidents
- Help Guide: Steps to map reports as incidents
- Help Guide: Incident workflow management
New to ADSelfService Plus?
Related Articles
Disk Space Alert: EventLog Analyzer Installation Drive Reaching Capacity Threshold
Issue description This document provides a technical overview, possible causes, recommended resolution steps, and best practices for handling the "Disk Space Alert: EventLog Analyzer Installation Drive Reaching Capacity Threshold" notification. This ...How to update the severity of an alert in EventLog Analyzer
Objective In ManageEngine EventLog Analyzer, each alert profile can be assigned a severity level (for example, Critical, Trouble, Attention, Info). Updating the severity level helps categorize alerts effectively and prioritize incident response. This ...How to set an alert notification for log collection failure
Objective This document will help you configure alert notification if log collection does not happen for a period of time for the devices added in EventLog Analyzer. Prerequisites You will need to have admin access to the EventLog Analyzer console. ...How to configure alert email format in EventLog Analyzer
Overview EventLog Analyzer allows you to choose the format for alert emails—either HTML or plain text. Selecting the right format ensures that the alert content is readable and compatible with your email client or organizational requirements. By ...How to modify the maximum alerts per alert profile in EventLog Analyzer
Objective EventLog Analyzer allows administrators to control the number of alerts triggered by a single alert profile each day. This helps avoid alert overload, reduce system strain, and ensure that only relevant alerts are generated by preventing ...