Alert Promotion to SecureX Incident Manager
We've added the ability to promote alerts in global threat alerts to the SecureX incident manager. To turn on this feature, enable Early access in the header of the global threat alerts console.
Once enabled, the SecureX incident manager replaces the existing workflow in global threat alerts. Alerts are then categorized as New, Accepted, or Rejected.
A new alert can be moved to either state using the Accept or Reject button.
While global threat alerts continues to focus on its core competencies, such as extended detections and efficient alert triage, it now integrates more tightly with the SecureX ecosystem, using just one click to promote detections to the incident response workflow in SecureX.
When an alert is accepted, it can be linked to an existing or new incident in the SecureX incident manager.
In the SecureX incident manager, the incident contains details such as a Summary and all the security Events and Observables from the original alert. You can then investigate and respond further, using SecureX features such as investigation, enrichment, and orchestration.
When an alert should not be promoted to an incident, you can reject it. In this case, you can also provide feedback to the team at Cisco, telling us why you rejected the alert. Thank you; your valuable feedback helps us improve future detections on your network.