Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Request for Guidance on Updating “State” Field in Security Incident (SIR Scope)

MadhuDanalN
Tera Contributor

‎10-15-2025 05:21 AM

I need your guidance on updating the State field choices in the Security Incident [sn_si_incident] table within the SIR scope.

Currently, the State field displays the OOTB values — Draft, Analysis, Contain, Eradicate, Recover, Resolved, Closed.
I would like to modify these to align with our standard workflow as follows:

  • New

  • In Progress

  • On Hold

  • Escalate

  • Resolved

  • Closed

Could you please advise on the correct approach to update the OOTB State field within the SIR scope, preferably without creating a new field?
If any configuration steps or permissions are required (e.g., using a dictionary override or process definition update), when i remove that existing felid its showing in the form ,
So what happened when i refresh new choice will be visible and suddenly back to existing choices,
please guide me on the process.

0 Helpfuls
  • 1,231 Views
5 REPLIES 5

NityaB161013953
Mega Patron

‎10-16-2025 12:02 AM

Hi @MadhuDanalN ,

 

  • Go to Security Incident > Administration > Process Definitions.

  • Open the active definition and update the State Model or Phases to match your workflow.

  • Update Choice List entries under the same definition, not the field dictionary.

  • Publish/activate the updated process.

 

0 Helpfuls