Modify Incident Status

Modify one incident at a time or use Bulk Incident to modify the status of multiple incidents without closing the incidents.
With automatic remediation, Prisma SaaS performs appropriate actions and updates the category and status for incidents matching a data pattern. For other open incidents, Prisma SaaS identifies these open incidents as
New
.
After you assess these new incidents, close the incidents that aren’t a threat to your organization. Then, modify the incident status for the remaining incidents that are threats.
You can modify the incident individually or modify a group of incidents. You can select a default open (denoted by a green icon)
Status
category:
  • Assigned
    —you assigned the incident to another administrator for remediation. Consider that you can assign such incidents as part of automatic remediation too.
  • In-Progress
    —you are investigating the incident.
  • Pending
    —you await the results of an action before you can assess and investigate the incident.
Additionally, you can customize the incident categories to create open incident categories to suit your organization’s needs.
If you want to review the changes made to an incident, review these changes in the Administration Activity Logs.
  • Modify a bulk of incidents.
    1. Click
      Incidents
      Assets
      .
    2. Select up to 1000 incidents to modify.
    3. Click
      Actions
      Change Status
      .
    4. Select an open
      Status
      , denoted by a green icon.
      bulk-edit-modify-status.png
  • Modify a single incident.
    1. Click the asset name to view the Asset Details or Security Controls Incident Details.
    2. Select an open
      Status
      , denoted by a green icon.
      close-incident.png

Recommended For You