Incident details is the section where all the details of the alarm from your SIEM product are located. In this section, you can view all columns related to the incident, if it has turned into a case, the case details on the right, and if the incident has been visited by a bot or playbook, at the bottom, you can see the steps it followed. You can access the incident details by clicking on the incident you want to investigate in the Incidents tab.
- You can use all of these columns in playbooks.
- If you want to create a case related to the incident, you can use the "Create Case" button on the right.
- You can create the case by filling the title, description, group, SLA definitions on the "ADD CASE FORM" screen.
- The playbooks where the incident occurred are located at the bottom of the incident details. You can see in detail which playbook took action on this incident, which action steps it took, and which error it got in which action step.