SIR Workspace Related Records
- UpdatedJul 31, 2025
- 5 minutes to read
- Zurich
- Security Incident Response
This section consists of the related lists items that are grouped into sections such as associated observables and configuration items.
The following related lists groups that are available as a part of the base system. You can modify these groups or create groups within the application and their respective actions.
| Related list | Grouped item |
|---|---|
| Business Impact |
|
| Threat Intel |
|
| Phishing |
|
| Related Security Incidents |
|
| SLA Records | Task SLAs |
| Source Events/Alerts | Source events or alerts are the SIEM integration enabled related list such as Source Email, LogRhythm Drill Down Logs, LogRhythm Events, Aggregated IBM QRadar Offense and so on. Note: This list is completely
dependent on the integration that you have in your instance. To view the relevant SIEM integration related list, you must install the latest version. |
| Sighting Search |
|
| Observable Enrichment |
|
| Endpoint Detection and Response (EDR |
|
Configure Security Incident Related List
You can add new related lists or new related list groups, and modify existing groups or related lists that appear in the SIR Workspace.
Before you begin
The security incident related list are grouped and displayed as group related list items on the Related Records tab on the workspace.
Role required: sn_si.admin
Procedure
-
In the classic UI, navigate to .
-
Go to .
The Configuring related lists on Security Incident form is displayed. -
Select the newly created view.
After you select the view, choose the required related list fields from the slush bucket.
Note: If you want to modify anything, select the view and remove or add the items. -
Select Security Incident Response Workspace.
The UX Application Security Incident Response Workspace page is displayed. -
Go to UX Page Properties tab and select
relatedListLayoutConfig option in the list
view.
-
Add the newly created view name separated by a comma to an already existing
list of values in the Value text box under the
sn_si_incident.viewsUsedForGrouping field.
For example, if you had created a new view name as, Business Impact then in the Value text box you must specify it as business_impact (which is separated by underscore within the view name and separated by a comma after an existing value) under the sn_si_incident:groups field.
Note: If you add the new view name under sn_si_incident.viewsUsedForGrouping field then the entry will be created in the Related Records tab of the workspace.Below is an example view which shows the newly created views added.If you update the view name entry in si_other_records.viewsUsedForGrouping then the related list group will get added in the Other Records tab of the workspace.
Note: requiredRolesForGrouping contains comma separated sys_user_role record names. SIR Workspace user should have at least one of these roles, to use the grouped related lists. When a user does not have any of these roles then related lists view configured for the current user role using view rule configuration will be represented vertically without grouping. This property is ignored when isGrouped property is set to false. If this property is empty any user can access the grouped related lists.
Configure Response Task Related List
Use this section to configure response tasks new related lists that appears on the Security Incident Response application.
Procedure
-
Navigate to .
-
Go to View name and select sirw
view.
-
Select the desired related list fields from the slush bucket.
For example, Affected Locations.
-
Navigate to .
The configured related lists (For example, Affected locations as selected) is listed within the SIT records list.
Related Content
- Set up view of SIR Records
This section describes how the related lists are grouped and presented on the SIR Related Records tab for easy navigation.
- Configure SI design time investigation
Use this section to configure security incident design time investigation page to add multiple entry points and its associated records within the Security Incident Response Workspace.
- Define the new Risk Score Calculator Rules
Use the new Risk Score Calculator to define and calculate the risk score of security incidents based on the user-defined criteria, which provide a transparent intelligence scoring of security incidents. The risk score is auto-calculated for the security incident records.
- Configure Shift Handover
Configure Shift Handover settings to provide complete shift information to the next shift analysts.
- Security Incident Response conference call integration
The Security Incident Response Conference Call integration enables you to manage and initiate conference call and chat for analysts, managers and affected users.
- Configure report templates in Security Incident Response
You can create report templates that can be used to generate an incident summary or an executive summary for analysis and sharing.
- On-Call scheduling in Security Incident Response
Use On-Call Scheduling in Security Incident Response to view and manage shifts for your analysts.
- Configure Security Incident Related List
You can add new related lists or new related list groups, and modify existing groups or related lists that appear in the SIR Workspace.