Incidents can be created:
Manually, by a security analyst monitoring incoming data or querying past data.
Automatically, as a result of a correlation rule being triggered. For more information, see Section 4.0, Correlation Tab.
In the
tab, you can:Manage incident views
Manage incidents
Switch between existing incident views
NOTE:You need to have appropriate permissions to access this tab. Only an Administrator has controls to enable/disable access to the features of incidents for a user.