Focus

SaaS Security Administrator's Guide

Customize the Incident Categories

Table of Contents

Customize the Incident Categories

Add custom incident categories on Data Security for Open or Closed states to help filter incidents and track changes.

Assigning an incident category to a policy violation allows you to filter and view incidents by category on Data Security. You assign incident categories when you:

Assess Incidents to provide a filtering mechanism.
Close incidents to provide an audit trail.
Assign incidents to other administrators to help provide context around the risk.

Data Security has two states:

Open
Closed

Within these two states are incident categories, and Data Security provides some default categories that suit most organizations’ incident management processes. By default, all incidents are Open and categorized as New. You cannot delete or rename default categories, but you can create new ones.

Map out the customize categories that your organization requires.
This planning is essential because you cannot delete or rename custom categories.
Verify that you have the required permissions.
You must be an administrator with a Super Admin role or an Admin with access to all apps to create new categories.
To create a custom category, select SettingsWorkflow SettingsIncident State and Categories.

If the field is not accessible, you do not have the required permissions to create a custom incident category.
1. Enter a Category Name and select Open or Closed state.
2. To create additional new categories, Add Category.
3. Save your changes.
4. Your custom category is an option when you Modify Incident Status or Close Incidents.

Track Down Threats with WildFire Report

Close Incidents