Welcome to Community Week 2025! Join us to learn, connect, and be recognized as we celebrate the spirit of Community and the power of AI. Get the details  

Request for Guidance on Updating “State” Field in Security Incident (SIR Scope)

MadhuDanalN
Tera Contributor

3 weeks ago

I need your guidance on updating the State field choices in the Security Incident [sn_si_incident] table within the SIR scope.

Currently, the State field displays the OOTB values — Draft, Analysis, Contain, Eradicate, Recover, Resolved, Closed.
I would like to modify these to align with our standard workflow as follows:

  • New

  • In Progress

  • On Hold

  • Escalate

  • Resolved

  • Closed

Could you please advise on the correct approach to update the OOTB State field within the SIR scope, preferably without creating a new field?
If any configuration steps or permissions are required (e.g., using a dictionary override or process definition update), when i remove that existing felid its showing in the form ,
So what happened when i refresh new choice will be visible and suddenly back to existing choices,
please guide me on the process.

0 Helpfuls
  • 436 Views
5 REPLIES 5

nityabans27
Tera Sage

3 weeks ago

Hi @MadhuDanalN ,

 

  • Go to Security Incident > Administration > Process Definitions.

  • Open the active definition and update the State Model or Phases to match your workflow.

  • Update Choice List entries under the same definition, not the field dictionary.

  • Publish/activate the updated process.

 

0 Helpfuls