Configuring an Incident Type: General Configuration

LAST UPDATED: JULY 15, 2025

Overview

The General tab is where users define foundational details for an incident type: its name, description, available dispositions, and default playbook assignments for specific sites.

This tab is divided into two sections:

  • General Configurations

    The General Configurations section is where users can rename the incident type and modify its description. Click the Save button to apply the changes.

  • Defaults

    The Defaults section allows users to update:

    1. The list of default dispositions available for this incident type. Users can modify the dispositions and re-order them by dragging them using the Frame 1.png icon.

    2. The default playbook to be pre-selected during manual incident creation when both the incident type and site match. See Assigning a Default Playbook below for details.

Assigning a Default Playbook

Users can assign default playbooks by site and incident type, ensuring the correct playbook is pre-selected when incidents are manually created, by following these steps:

READER NOTE

Assume this playbook must be assigned by default when the incident type is Business Email Compromise (BEC) and the site is Security Operations.

  1. Click the + Site & Playbooks button.

  2. Select the playbook to use by default, then click the Next button.

  3. Select the site to apply the setting, click the Group 26.png button, and then click the Save button.

RESULT

The ST_Playbook investigation playbook is pre-selected on the incident creation form when the incident type is set to Business Email Compromise (BEC) and the site is Security Operations.

Configuring the Default Dispositions

Dispositions reflect the final outcome of an incident. The disposition is displayed in the header panel of the incident workspace, allowing users to quickly view and update the final classification of the incident.

By default, each incident type includes the following dispositions:

  • Resolved

  • False Positive

  • No Action

  • Duplicate

  • N/A

  • True Positive

Users can replace these default dispositions with custom ones by following these steps:

  1. Click the Edit Dispositions button.

  2. Click the + button to create a new disposition.

  3. Enter the name of the disposition, then click the Group 19 (2).png button to save it.

  4. Select the desired dispositions, deselect the unnecessary ones, and click Done to apply the changes.

RESULT

The fully configured dispositions for the Business Email Compromise (BEC) incident type may include:

  • Credential Compromise

  • Payment Redirected

  • Internal Impersonation

  • Vendor Impersonation

  • Legitimate Business Activity


The modified dispositions in the incident workspace view.
