Create a report
Analysts can create a report in Security Incident Response to include the status of an incident and share it via email.
Avant de commencer
Role required: sn_si.analyst
Procédure
- Navigate to Workspaces > Security Incident Response Workspace.
- Open a security incident.
-
Select Reports.
The Report page displays a list of all the reports created for the selected incident.
-
Select New.
The Select Template page appears with a list of all the published templates. The list of templates is available only when the admin has published reports templates. For more information, see Create a Report Template in Security Incident Response.
-
Select a report template.
The report opens in edit mode with the incident data as configured in the template.
-
Select Expand and insert/remove the desired fields.
- Common SIR Fields: The list of most used fields for an incident.
- All SIR Fields: All the fields related to an incident. For example, when you are generating a incident report and want to add a field called Short description then you can select that field from the All SIR Fields. When you add a field, the short description if the incident is displayed in the report.
- Related Records: The related records of a particular incident. For example, if you want to add any associated observables in the report, you can add it to your report. These related records are displayed in the table format
- Scripts: To add the date and time of the report, you can add the Current Date Time script to your report. This will add the Report Created Date and Time in report.
- Select Preview to view a preview of the report.
- Select Save Content to save the changes.
- Facultatif : Select the edit report details icon to update the report name and description.
- Select Publish to publish the report.
-
Select the share report in email icon.
- Enter the recipient’s emails in the To and Cc/Bcc fields.
- Update the email Subject and Email Body.
- Select Send to share the report over email.