Assigning incidents to analysts

As a work item, an incident must be assigned to an SOC analyst for inspection and possible investigation. You can change the assignee at any time.

Incidents can be assigned only to analysts who have the access right to read and modify alerts and incidents.

To assign one or several incidents to an analyst:

1. In the main menu, go to Monitoring & reporting → Incidents.
2. Select the check boxes next to the incidents that you want to assign to an analyst.

   You must select only the incidents detected in the same tenant. Otherwise, the Assign to button will be disabled.

   Alternatively, you can assign an incident to an analyst from the incident details. To open the incident details, click the link with the incident ID.

3. Click the Assign to button.
4. In the Assign to analyst window that opens, start typing the analyst's name or email address, and then select the analyst from the list.

   You can also select the Not assigned option.

5. Click the Assign button.

The incidents are assigned to the analyst.

See also: About incidents Changing an incident status Changing an incident priority

Page top