Skip to main content

2 posts tagged with "incident-management"

View All Tags

Automatically Ignore Invalid Incidents with New Playbook

calendar icon   Release Date: July 28, 2025

Incident Playbook Thumbnail

We’re excited to announce a powerful enhancement to your incident management experience, designed to help you focus on what matters: we are introducing a new playbook: Automatically Ignore Invalid Incidents.

What's new?

This new playbook will automatically ignore incidents where the detected secret has been confirmed invalid and revoked, even for those that have never been valid. With this new capability, your team can immediately focus on genuine, actionable threats without being distracted by unnecessary noise from already-resolved issues.

Why This Matters?

By automatically clearing these known invalid incidents, you'll save valuable time, reduce alert fatigue, and maintain a clear focus on critical security issues that require your attention.

Important Note

This playbook is designed for incidents from standard detectors and will not impact those related to detectors with a custom host.

You Stay in Control

The playbook will be enabled by default, but you can opt out at any time if it doesn’t fit your needs. All incidents will remain accessible in your workspace for review.

Documentation


Fixes

  • Incidents Management: Resolved a regression where secrets detected on deletion lines could reopen incidents. Deletion lines are no longer scanned for secrets, as per the expected "Scan only addition line" behavior.

Customize Your Incidents View for Enhanced Context Exploration

calendar icon   Release Date: May 2, 2025

With this new feature, users can create fully customized views of their incidents, displaying specific properties and exploring their security data in an entirely new way.

GSE-columns


This customization capability offers two key advantages:

  1. Leverage the Generic Secret Enricher model (read release page) - You can now explore and prioritize generic incidents more effectively by visualizing the AI-classified secret categories and providers GSE-columns
  2. Harness extensive incident context - Access the rich contextual data we provide for each incident, which is essential for efficient prioritization efforts

Context is critical for effective remediation. CyberSecurity is fundamentally a data business, and by collecting and presenting the richest, most structured context possible, we enable you to filter, sort, and prioritize incidents effectively and make informed decisions.

Read more in the documentation