Overview
Smart incident management can accurately predict if an incident is a cluster of false-positive alerts and take action on that incident, without waiting for you to do anything.
This feature will:
- Identify false positive incidents based on diversity index and other indicators.
- Automatically close incidents identified as false positive.
- Introduce whitelist filters to prevent the creation of closed incidents in the future.
- Notifications for automatically closed incidents and new whitelist filters.
- Ensure automatically closed incidents can be re-opened for further investigation if required.
- Only apply to incidents in New state, so that any incident that is in progress is not considered for automatic closure.
- Close incident if at least 99% of alerts belong to the same detection.
- Whitelist destinationIP if impacted by at least 90% of alerts.
Configuring Smart Incident Management
You can activate the Smart incident management from a toggle inside the Settings tab, as shown below:
You can then set:
- Incident size
- Severity index
- Minimum artifacts
Short Term Notification
The screenshot below provides an example of a short-term notification:
© 2025 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks