Skip to main content
This page lists all IT security incidents with filtering capabilities. Navigate to it at /it/security/incidents.

Overview

The Security Incidents page displays a filterable table of security incidents. Each row shows the incident type badge, description (clickable to navigate to the detail page), severity badge, discovery date, and response status badge. Filters: search, incident type, severity, and response status. The Report Incident button navigates to /it/security/incidents/new. Available incident types from code: data_breach, malware, unauthorized_access, phishing, denial_of_service, policy_violation, other. Response status values: open, in_progress, resolved, closed.

Who it’s for

This route is protected by IT_PERMISSIONS.VIEW (it.view) via the module-level ITViewGuard. No additional per-route permission gate exists beyond the module guard.

Before you start

  • No prerequisites. The list loads automatically.

Steps

  1. Navigate to IT > Security > Security Incidents, or go directly to /it/security/incidents.
  2. Use the search box to search incident descriptions.
  3. Use the Type, Severity, and Status dropdowns to filter the list.
  4. Click an incident description to open its detail page.
  5. Click Report Incident to record a new security incident.

Key concepts

  • IncidentType — classification: data_breach, malware, unauthorized_access, phishing, denial_of_service, policy_violation, other.
  • IncidentResponseStatusopen | in_progress | resolved | closed.
  • SecuritySeveritycritical | high | medium | low.

Viewing an incident

The Incident Details page (/it/security/incidents/:id) fetches the incident via useSecurityIncident(id). Four summary cards display: discovered date, current status, resolved date, and linked ticket. The description and optional resolution notes render in cards below. A Response Actions card exposes status-transition buttons appropriate to the current state. Response status workflow: openin_progressresolvedclosed. Closed/resolved incidents can be reopened.
  1. From /it/security/incidents, click an incident row, or navigate to /it/security/incidents/:id.
  2. Check the incident type, severity, discovery date, status, and description.
  3. If a ticket is linked (ticket_id), click View Ticket to navigate to /it/tickets/:id.
  4. In the Response Actions card, click the appropriate action button:
    • Start Investigation (open → in_progress)
    • Mark Resolved (open or in_progress → resolved)
    • Close Incident (resolved → closed)
    • Reopen (resolved or closed → open)
  5. Navigate to /it/security/incidents/:id/edit to update incident details.

Reporting an incident

The New Incident page (/it/security/incidents/new) provides a form for reporting a new security incident. New incidents are created with status open. Valid incident types: data_breach, malware, unauthorized_access, phishing, denial_of_service, policy_violation, other. Valid severity levels: critical, high, medium, low. Before you start: hold appropriate security module permissions; have the incident discovery date and a description ready before reporting.
  1. From /it/security/incidents, click Report Incident, or navigate to /it/security/incidents/new.
  2. Choose from the code-defined incident types and assign a severity level (critical, high, medium, low).
  3. Fill in the discovery date, description, and any other required fields.
  4. Save the form. The incident is created with status open and you are redirected to the incident list or detail page.

Editing an incident

The Edit Incident page (/it/security/incidents/:id/edit) loads the existing incident via useSecurityIncident. Editable fields include: incident type, severity (default medium), discovery date, response status (open, in_progress, resolved, closed), title, description, optional resolved date, and optional resolution notes. On save, updateIncident is called and the user navigates back. A loading skeleton is shown while data fetches. Permission required: IT_PERMISSIONS.VIEW via the outer ITViewGuard. No additional per-route gate.
  1. From the incident detail or list page, navigate to /it/security/incidents/:id/edit.
  2. Modify incident type, severity, discovery date, response status, title, and description.
  3. If the incident is resolved, set the response status to resolved or closed, enter the resolved date and resolution notes.
  4. Submit the form to save updates. The page navigates back to the previous screen on success.
Key fields:
  • incident_type — Values: data_breach, malware, unauthorized_access, phishing, denial_of_service, policy_violation, other.
  • response_status — Values: open, in_progress, resolved, closed.
  • severitySecuritySeverity type from src/cores/it/types/security.ts; default medium.
  • resolution_notes — Free-text field to document how the incident was resolved.

IT Service Management

IT Service Management overview.

Governance & parity

This page documents shipped product behavior. It is not medical, legal, or billing advice. Verify against your organization’s policies and applicable regulations before using it for clinical, compliance, or billing decisions. Protected health information (PHI) shown in the product is governed by your tenant’s access controls and is never exposed in this documentation.
  • src/routes/it.tsx
  • src/cores/it/pages/security/incidents/IncidentListPage.tsx
  • src/cores/it/pages/security/incidents/IncidentDetailPage.tsx
  • src/cores/it/pages/security/incidents/NewIncidentPage.tsx
  • src/cores/it/pages/security/incidents/EditIncidentPage.tsx
  • src/cores/it/hooks/useSecurityIncidents.ts
  • src/cores/it/hooks/useSecurityIncidentMutations.ts
  • src/cores/it/types/security.ts