Change the state of Incident Case elements

The state information is only for your own reference. As the investigation of the incident case progresses, you can change its state accordingly.

The default state of an incident case is Open when an incident case is created.

When the investigation is finished, you can close the incident case. The incident case stays in the system, but its state is shown as closed. It is a good idea to keep resolved incident cases as a record of past incidents or for future reference in dealing with new incidents.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the Incident Case you want to change the state for and select Properties.
  2. From the available options, select the new State.
  3. Click OK.
    The state of the incident case is changed.

Incident Case Properties dialog box

Use this dialog box to define the properties for an Incident Case.

Option Definition
Name The name of the element.
Comment

(Optional)

 A comment for your own reference.
State
  • Open — The incident case has been created, but investigation has not begun.
  • Under Investigation — The incident case is actively being investigated.
  • False Positive — Legitimate activity was incorrectly interpreted as suspicious. There is actually no incident.
  • Closed — The investigation is finished.
Priority

(Optional)

Adds a priority rating for your own reference.