Running a Connector on an Incident

To run a Connector on an incident, take the following steps.

  1. From the INCIDENTS page, select an incident.

    Note: You must be on the List by Time, List by Device, or List by Incident View.

  2. Select Run Connector from the Actions menu.

  3. From the Run Connector window, take the following steps.

    1. From the Folders column, select the Connector you want to run. When a Connector is selected, a list of actions for that Connector will populate under the Items column.

    2. From the Items column, select the Connector action you wish to run and click >. The Connector action will appear in the Selections column. You may also search for a Connector by using the Items Search... field.

      If you wish to remove a Connector from the Selections column, select the Connector you wish to remove and click <.

    3. Depending on the Connector action selected, a Select Connector Parameters section may appear. Enter and/or select the information necessary in the additional fields to continue.

    4. When ready to run your Connector, click Execute. The Run Connector window appears, showing the Result tab. This window provides a summary of the result. Clicking Details will display additional information. Click on View Output to view any information related to a specific Connector topic (Summary, Details, or a specific attribute, if applicable).

    5. Click on the Actions tab to perform any of the following actions.

      Note: All actions are optional.

      1. In the Update Comment field, enter any comments related to the Incident.

      2. Click on Add Summary to add the Summary and Details from the Result tab into the Update Comment field.

      3. To save the information added to the Update Comment field, click Save.

      4. For Resolve Incident, select one of the following resolutions: Open, True Positive, False Positive, or In Progress. When done, click Apply.

      5. Click on the Create Rule Exception create icon to create a rule exception.

      6. Click on the Remediate Incident create icon to run a remediation on the incident.

      7. Click on the Set Incident Severity drop-down list and select a severity level.

      8. Click on the Run External Integration create icon to run an external integration.

    6. When done, click Close.

    Under Details, the Action History column provides a log of all the actions taken, including comments from the Update Comment field.