Request for Guidance on Updating “State” Field in Security Incident (SIR Scope)

MadhuDanalN
Tera Contributor

‎10-15-2025 05:21 AM

I need your guidance on updating the State field choices in the Security Incident [sn_si_incident] table within the SIR scope.

Currently, the State field displays the OOTB values — Draft, Analysis, Contain, Eradicate, Recover, Resolved, Closed.
I would like to modify these to align with our standard workflow as follows:

  • New

  • In Progress

  • On Hold

  • Escalate

  • Resolved

  • Closed

Could you please advise on the correct approach to update the OOTB State field within the SIR scope, preferably without creating a new field?
If any configuration steps or permissions are required (e.g., using a dictionary override or process definition update), when i remove that existing felid its showing in the form ,
So what happened when i refresh new choice will be visible and suddenly back to existing choices,
please guide me on the process.

0 Helpfuls
  • 726 Views
5 REPLIES 5

nityabans27
Mega Patron

‎10-16-2025 12:02 AM

Hi @MadhuDanalN ,

 

  • Go to Security Incident > Administration > Process Definitions.

  • Open the active definition and update the State Model or Phases to match your workflow.

  • Update Choice List entries under the same definition, not the field dictionary.

  • Publish/activate the updated process.

 

0 Helpfuls