Respond to escalated incidents

When an incident is escalated to your organization, you need to verify its details and determine whether the incident was expected behavior in your environment. You can use the chat feature to communicate with an Aurora Managed Endpoint Defense analyst to share information and take appropriate steps to resolve the incident.

  1. In the Aurora Endpoint Security console, click Alerts > Incidents.
  2. Click the Open tab.
  3. Click an incident.
  4. Do any of the following:

    Task

    Steps

    Report whether the incident was expected or unexpected

    If you confirm that the incident was based on expected behavior, the incident is automatically closed. If you report that it was from unexpected behavior, you are presented with additional information and recommended actions to help resolve the threat.

    1. In the dialog message at the top of the screen, click Expected or Unexpected.
    2. Confirm your selection.

    Use the AI-powered Aurora Security Assistant to investigate alerts in an incident

    1. Click the Alerts tab.
    2. In the Triggered alert section, click an alert that triggered the incident.
    3. In the right pane, hover over an instigating process, target process, or script artifact, and click the Cylance Assistant icon.
    4. At the bottom of the summary in the Endpoint Defense AI pane, click the Copy icon to copy the analysis.

    Assign the incident to an administrator user

    1. In the left pane, in the Assignee field, search for and select another administrator user.
    2. Click Save.

    Send a message to an Aurora Managed Endpoint Defense analyst

    1. In the right pane, click the Work Notes icon.
    2. Type your message.
    3. Click Add.

    Upload an attachment to this incident

    1. In the right pane, click the Attachment icon.
    2. Click Upload.
    3. Select the file that you want to upload.

    View the history of this incident

    In the right pane, click the History icon.

    A history of activity for this incident is displayed.

    Close an incident

    Send a message to the Aurora Managed Endpoint Defense analyst (using the Work Notes icon) indicating that you want to close the incident. When an incident is closed, it cannot be reopened.

    You can find closed incidents in the Closed tab.