View information in a security incident
You can perform several other actions on an existing security incident using the related links.
Before you begin
Role required: sn_si.basic
Procedure
- If it is not already open, open the security incident you want to update.
- Within Related Links, you can perform the following tasks:
| Option | Description |
| --- | --- |
| View Manual Runbook | View a list of runbooks available for this security incident. |
| Response Workflow | View any workflow associated with this incident. |
| Add Multiple Observables | Adds a list of observables in comma, new line, tab, or pipe delimited formats. |
| Add to Security Case | Adds the security incident to one or more security cases. You can also create a new security case and add this security incident to it. |
| Get QRadar IP Summaries | If a QRadar integration is available, and contains valid CIs, source, and destination IP addresses, it triggers the QRadar workflows and displays the results in work notes. |
| Run Orchestration | Choose and run a Security Operations workflow. |
| View SLA timeline | You can view an SLA timeline from a Task SLA record or from an SLA definition. |
| Show All Related Lists | Displays all standard related lists and any lists added manually. Note: Manually added items are available only in this view. |
| Show Affected Items | Displays the lists of CIs, users, and services directly affected by this incident. |
| Show Related Items | Displays the lists of related incidents, CIs, users, and groups affected by this incident. |
| Show IoC | Displays the lists of observables, indicators, malware, modes and methods, and security scan requests associated with this incident. |
| Show Enrichment Data | Displays the lists of enrichment data, processes, services, statistics, lookups, firewall logs, and compromised user information associated with this incident. |
| Show Response Tasks | Displays the lists of tasks, SLAs, risk score audits, outages, and Exchange searches associated with this incident. |
| View Details in External System | If this security incident was generated from an external application, directly or by events, and a link to the originating data was provided, the View Details in External System action opens the URL. You can view and search through the logs that generated this incident. |
| Scan for Vulnerabilities | If Vulnerability Response is activated, and you have selected at least one affected CI for the security incident, you can submit a scan request to determine what vulnerabilities exist on the CI. |