Preview security incident

Release version: Zurich

Updated July 31, 2025

1 minute to read

After you complete the mapping step, preview the values that you mapped in a SIR security incident. This preview step permits you to verify that you have mapped all the offense fields that you want displayed on the security incident.

Before you begin

Role required: sn_si.admin

About this task

As a user with the sn_si.admin role, preview a security incident and edit the mapping again as required to fix fields with errors or to populate any missing data. If the preview is not successfully completed, you cannot proceed to the scheduling step. Previews of SIR security incidents are not saved as actual incidents in the Security Incident Response product.

Procedure

If the security incident preview is not displayed, click Preview in the progress bar.
From the Sample Offense IDs choice list, select an item.
The security incident is displayed. This view is a read-only view, and a record of this security incident is not saved.
Review the field mapping of the offense values on the security incident.

The preceding image is an example of a preview with a mapping error of the samples that were ingested.
To resolve this error, click Mapping in the progress bar.
Edit the mapping to fix incorrect values or populate any missing data.
Preview the mapping again and continue to fix any errors that are described in error messages.

What to do next

If no error messages are displayed, and you are satisfied with the field mapping on the security incident, the next step is to define the schedule.