Close Incidents

Close one incident at a time or use Bulk Incident to close multiple incidents at once on Aperture.
When you Assess Incidents, you might sometimes find the content of an asset or how the asset is shared does not pose a threat to your organization. In these cases, you can close the incident individually or use Bulk Edit to close a group of incidents. You can select one of the default close categories or Customize the Incident Categories to better identify close incident states to suit your needs.
Keep in mind the Aperture service identified the asset as an incident because it matched one or more policy rules. Unless you change a setting (for example, changing a Collaborator or domain from Untrusted or Trusted), the Aperture service will identify the asset as an incident again the next time it scans that asset. You should Fine-Tune Policy rules so assets posing as real threats are the only assets identified as incidents.
If you wish to review the events recorded when the status of an incident changes, review these changes in the Remediation Activity Logs.
  • To close a group of incidents, click IncidentsAssets, and select up to 1000 incidents. Click Bulk EditChange Status, and select a closed category, denoted by a red icon po-incident-closed-icon.png .
    bulk-edit-close-incident.png
  • To close a single incident associated with an asset, click the asset name to view the Asset Details or Security Controls Incident Details, and select a closed Status category.
    po-close-incident.png
  • Choose from these Closed State Incident states.
    • No Reason found for incident.
    • Business Justified for incidents such as testing, Aperture tool demonstrations, and training.
    • Misidentified as a data pattern match or policy violation.

Related Documentation