Changing incident status
There is a column for status available in the incident list. In addition, when you select an incident, its status is displayed in the incident details.
To change the status of an incident:
- Select one or more incidents. Note that if you want to apply the action to all the filtered incidents, there is no need to make any selections.
- From the toolbar, select .
- Select a new status from the menu.
- Select a Change Status option:
  - Select Selected incidents to change the status of only the incidents you selected in the list.
  - Select All filtered incidents to change the status of all filtered incidents in the list.
There are 5 predefined statuses:
| Flag | Label | Definition |
|---|---|---|
| | New | An administrator has not acted on this incident yet. |
| | In Process | An administrator is reviewing this incident. |
| | Closed | This incident was reviewed and closed by an administrator. |
| | False Positive | An administrator identified this incident as a false positive or unintended match. |
| | Escalated | The incident was escalated to a manager or other person. |
Although you cannot change these statuses, you can add and maintain up to 17 more. To add a new status:
- Select .
- Click New in the resulting window.
- Enter a name for the status. It must be unique and fewer than 32 characters.
- Enter a description for the status, up to 1024 characters.
- Select one of the 12 available flags. If you add more than 12 statuses, you must reuse a flag.
- Click OK.
The new status is added to the top of the status list. Rearrange the order of the list by selecting a status and clicking the up or down arrow. The order is reflected in reports and in the incident list when it’s sorted by the status column.
Click a status name to edit its properties (predefined statuses cannot be edited). If you rename a status, all incidents with that status are updated with the new name.
If you delete a status, incidents with that status retain their designation; however, the status is no longer available in report filters.