Generate a post-incident analysis in UI16 for a security incident with Now Assist for Security Incident Response

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 1 Minute Lesedauer

    • Automatically generate a post-incident analysis for a security incident that includes root cause analysis, impact assessment, and learning and recommendations information.

    Vorbereitungen

    You must have the post-incident analysis skill activated if you want a post-incident analysis generated automatically by Now Assist for Security Incident Response.

    If the Close notes are already populated manually prior to closing the security incident, this content is not over-written by Now Assist for Security Incident Response when analysts set the State field to Closed.

    Roles required: sn_si.analyst, sn_si.manager or sn_si.basic

    Prozedur

    1. In the legacy Core UI, navigate to All > Security Incident > Incidents and open a security incident that is assigned to you.
    2. Select Closed in the State field to close the security incident.
      The Close the security incident modal opens. The post-incident analysis and close notes are generated and a message prompting you to review them is displayed. Note the Now Assist icon (AI Sparkle icon) near the fields that indicates the content is generated by Now Assist for Security Incident Response.
    3. Review the report and close notes to check for accuracy and make any edits required.
      Any edits you make are preserved for one hour if you leave this page. After one hour, you must set the State to Closed again on the incident to regenerate the post-incident analysis and close notes.
    4. Select one from the list for the Close Code.
    5. Select Close Incident.
      The security incident is displayed.
    6. Select the Post Incident Review tab to view the analysis data.
      Hinweis:
      You can use the Now Assist icon on any of the post-incident analysis options and elaborate or shorten the Root Cause Analysis/Impact Assessment/Learnings and Recommendations and replace the text. Elaborate will help you add more information to the existing text. Shorten will make the selected text more concise.
    7. Select the Closure Information tab to view the close notes.