Incidents > Incidents

The Incidents page displays the list of incidents recorded by your machine, both those stored automatically and those generated manually. It is divided into three distinct sections, as shown in Figure 20 – Incidents > Incidents: a filter, incident details, and insert incident.

Figure 20 – Incidents > Incidents

The simple filter returns the requested incidents depending on your criteria. Once you find the desired incident, using either the simple filter or the default list (all) that appears when you open the Incidents page, you can obtain or add more information about an incident by:

  • Clicking the incident title.
  • Clicking the ticket number.


Once either of the column entries is clicked, the details page for the particular incident appears. It features detailed information such as the incident name, class, type, date created, IP address, etc. If the person who logged the incident ticket included any notes or important information relating to the incident, it appears here.

There are two important features in this page:

  • A. The Edit Incident button
  • B. The New Ticket button


A) If you click Edit, you can manually update some of the information that appears in the details page. The modifiable fields include:

  • Title
  • Priority
  • Type
  • IP
  • Port
  • Nessus ID
  • Risk
  • Description


Once changes are made to any of the existing values, you must validate these changes by clicking OK. The new changes are then made on-the-fly and appear in the Incidents page for that particular incident.

B) You can also create a new ticket using the aforementioned New Ticket button. Be careful: this does not log a new incident or title, but rather lets you add a new ticket to an existing open ticket, or incident. Once you click New Ticket, you are redirected to the New Ticket section of the Incidents detail page (alternatively, you can simply scroll down to the bottom of the window and manually create a new ticket).

There are six distinct fields that you can set using the New Ticket window:

The Status field lets you determine the current state of the new ticket, typically whether it has been solved or not. By default, it is set to Open.

The Priority field lets you set the importance of the new ticket using two linked drop-down lists. By default, it is set to 3 → Low. In the first drop-down list, you can set the new ticket’s priority from 1 (Low) to 10 (High). Alternatively, you can set the second drop-down list to Low, Medium, or High. If you select a number in the first drop-down list, the second drop-down list automatically toggles to Low, Medium, or High depending on the selected priority number. Conversely, if you select Low, Medium, or High in the second drop-down list, the first drop-down list is automatically set to the lowest number for that state. For example, setting the drop-down list to High sets the number to 8; setting the drop-down list to 2 sets the status to Low.

The Transfer To field lets you transfer the new ticket to another user, if applicable.

The Attachment field allows you to add a file to the new ticket. This is useful for attaching additional information to the ticket.

The Description field is a text box that allows you to add all the additional comments or important information to your new ticket.

The Action field lets you add any actions to perform for the new ticket. The end user (a customer, some other department in the company, or just the people in charge) must know what action is required for that problem.

Once you have completed your new ticket, you can validate it by clicking the Add ticket button at the bottom of the New Ticket page.

Users may also subscribe to tickets via email. A valid email address is required for this to work. Subscribers are notified of changes to the ticket whenever they occur.

Incidents > Types

The Incidents section features three distinct tabs, including the Types section, as shown in Figure 21 – Incidents > Types. In the Incidents page, you may recall working with a particular incident and noticing that it had a “type” applied to it. Using the Types page, you can view or modify the list of available types for your incidents. These modifications include editing, adding, or deleting.

Figure 21 – Incidents > Types

You can quickly edit an existing incident type by clicking the Modify link in the Actions column for the incident ID. However, you are limited in what you can actually update. In fact, if you click Modify, a screen appears that allows you to add or modify a description in a text box. Once you have made the necessary changes to the incident type, click OK. If you make a change and decide that you would like to keep the text initially stored here, click Reset. This button acts like the Undo button; however, once you save your new text, you cannot revert to an earlier text description. A dialog box then appears confirming the successful changes; click Back.

If this feature does not suit your needs, you can always add a new incident type. At the bottom of the table of incident types, click Add new type. The screen that appears is similar in function to the Modify screen mentioned in the above paragraph; the primary difference is that you have an additional text box that allows you to enter an incident ID. Once you have added an ID (and description!), click OK. A dialog box appears confirming the successful changes; click Back.

Please note that you can modify the incident type name for user-generated types, but not for the default ones.

Incidents > Tags

The Incidents section features three distinct tabs, including the Tags section, as shown in Figure 22 – Incidents > Tags. In the Incidents page, you may recall working with a particular incident and noticing that it had an “extra” applied to it. The “extra” is similar to a status for the incident. It can be used, for example, to classify incidents. Using the Tags page, you can view or modify the list of available extras for your incidents. These modifications include editing, adding, or deleting.

Figure 22 – Incidents > Tags

You can quickly edit an existing incident tag by clicking the Modify link in the Actions column for the tag ID. Unlike the Types page, you can modify the description, as well as the ID name for the tag. Once you have made the necessary changes, click OK. You can always discard changes by clicking Cancel. Regardless of which button you click, you automatically return to the Tags page.

If this feature does not suit your needs, you can always add a new incident tag. At the bottom of the table of incident tags, click Add new tag. The screen that appears is similar in function to the Modify screen mentioned in the above paragraph; the primary difference is that the text boxes are empty. Once you have added an ID (and description!), click OK. You can always discard changes by clicking Cancel. Regardless of which button you click, you automatically return to the Tags page.

Incidents > Report

The Incidents section features four distinct tabs, including the Report section, as shown in Figure 23 – Incidents > Report. In the Report page, you can view a number of previously created reports that provide information regarding incidents.

Figure 23 – Incidents > Report

There are five separate reports in the Report page; however, it is important to note that you cannot modify or manipulate these reports in any way.

The reports are:

  • Incidents by status
  • Incidents by type
  • Incidents by user in charge
  • Closed incidents by month
  • Incident resolution time


Each graph provides a numeric representation of the data; for example, the Incidents by type report lists the incident types that occurred as well as the number of incidents per type. Afterwards, a graphical representation is displayed based on this data.


  • Written By: Jason A. Minto
  • Reviewed By: Alberto Roman, Dominique Karg
  • Contributors: Juan Blanco

Please add your name to the list above if you make significant improvements to this document

 
user_manual/incidents.txt · Last modified: 2010/07/01 17:30 by juanma