Respond to escalated incidents in the Aurora Multi-Tenant Console

When an incident is escalated to an organization, its details need to be verified to determine whether the incident was expected behavior in your environment. You can use the chat feature to communicate with an Aurora Managed Endpoint Defense analyst to share information and take appropriate steps to resolve the incident.

  1. In the Aurora Multi-Tenant Console console, click Alerts > Incidents.
  2. Click the Open tab.
  3. Click an incident.
  4. Do any of the following:

    Task

    Steps

    Report whether the incident was expected or unexpected

    If you confirm that the incident was based on expected behavior, the incident will be automatically closed. If you report that it was from unexpected behavior, you will be presented additional information and recommended actions to help resolve the threat.

    1. In the dialog message at the top of the screen, click Expected or Unexpected.
    2. Confirm your selection.

    Assign the incident to an administrator user
    1. In the left pane, in the Assignee field, search for and select another administrator user.
    2. Click Save.

    Send a message to an Aurora Managed Endpoint Defense analyst
    1. In the right pane, click The Work Notes icon.
    2. Type your message.
    3. Click Add.

    Upload attachment to this incident
    1. In the right pane, click The Attachment icon.
    2. Click Upload.
    3. Select the file that you want to upload.

    View the history of this incident

    In the right pane, click The History icon.

    A history of activity for this incident is displayed.

    Close an incident

    Send a message to the Aurora Managed Endpoint Defense analyst (using The Work Notes icon) indicating that you want to close the incident. When an incident is closed, it cannot be reopened.

    You can find closed incidents in the Closed tab.