In Sentinel, a set of events (events that require attention, for example, a possible attack) grouped together form an Incident. An Incident in 'open' state alerts you to investigate and close the events that resulted in the incident.
Incidents can be created:
Manually, by a security analyst monitoring incoming data or querying past data.
Automatically, as the result of a correlation rule being triggered. For more information, refer to Correlation Tab in SCC User's Guide.
In the Incidents Tab, you can:
Manage Incident Views
Manage Incidents
Switch between existing Incident Views
NOTE: You need to have appropriate permissions to access this tab. Only an Administrator has controls to enable/disable access to the features of Incidents for a user.