This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

How To Create INC In Event View (New Tab) in Netwitness 11.1 ?

SureshThanikach
Beginner
Beginner

‎2018-09-26 09:20 AM

Hi All,

 

Please let us know the process to create a direct INC with the logs from Event View (New Tab) in Netwitness 11.1, In the Old View its straight forward but in this view i tried multiple options but no luck.

 

It seems to be a bug for me, If yes hope RSA will fix it ASAP because it very time consuming to redo all setup twice to get the logs to the INC. If No Please let me know the exact option to move the logs to the INC from the new  Event View Tab

 

 Below snapshot is for better understanding of the issue which am referring.

 

This is from the old event view, where we can check the log box and from the incidents we can create a new incident and the same will be log in SECOPS as well for further investigations 

pastedImage_1.png

 

pastedImage_2.png

 

This is from the New Event View, where i am not able to find the option to raise an INC directly.

 

pastedImage_3.png

 

Labels:
0 Likes
4 REPLIES 4

anuragsinha18
Contributor Contributor
Contributor

‎2018-09-26 09:35 AM

You have to look under "Events" Tab to create manual incident;

 

 

pastedImage_2.png

 

Also you will have to create an "Incident Rule" as below;

 

pastedImage_3.png

 

Hopefully this should solve your query.

0 Likes

Anonymous
Not applicable

‎2018-09-26 10:26 AM

Correct, the ability to add/edit incidents directly from Event Analysis is not in 11.1. We are working to get that capability into that new workflow in an upcoming release.

SureshThanikach
Beginner
Beginner
In response to anuragsinha18

‎2018-09-27 01:32 AM

Hi Anurag,

 

This is the process to create an INC from the old view of events viewer which we are already using, but my query is for the new view of the event viewer.

0 Likes

SureshThanikach
Beginner
Beginner
In response to Anonymous

‎2018-09-27 01:37 AM

Thanks for the response, Hope this is fixed as soon as possible. 

 

Also please let me know if this is the right place for this Discussion hence am observing few other missing options which need to reported/fixed in NEW 11.1 ?

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.