Cisco Cisco FirePOWER Appliance 8390
19-7
FireSIGHT System User Guide
Chapter 19 Handling Incidents
Creating Custom Incident Types
In either case, the Generate Report page appears, including the options for incident reports.
Step 4
Type a name for the report. You can use alphanumeric characters, periods, and spaces.
Step 5
In
Incident Report Sections
, select the check boxes for the portions of the incident that you want to include
in the report:
status
,
summary
, and
comments
.
Step 6
If you want to include event information in the report, select the workflow you want to use and then, in
Report Sections
, specify whether you want to include event summary information.
Step 7
Select the check boxes next to the workflow pages you want to include in the report.
Step 8
Select the check boxes next to the output formats you want to use for the report:
PDF
,
HTML
, and
CSV
.
Note
CSV-based incident reports include only event information. They do not include the status,
summary, or comments from the incident.
summary, or comments from the incident.
Step 9
Click
Generate Report
and confirm that you want to update the report profile.
The report is generated.
Creating Custom Incident Types
License:
Protection
The FireSIGHT System is delivered with the following incident types that you can use to classify your
incidents:
incidents:
•
Compromise of System Integrity
•
Damage
•
Denial of Service
•
Hoax
•
Intrusion
•
Theft
•
Unauthorized Admin Access
•
Unknown
•
Web Site Defacement
If these incident types do not meet your needs, you can add your own. Note that you cannot delete any
custom incident types.
custom incident types.
To create a new incident type:
Access:
Admin/Intrusion Admin
Step 1
Select
Analysis > Intrusions > Incidents
.
The Incident page appears.
Step 2
Click
Create Incident
.
The Create Incident page appears.