Viewing the incident table

The incident table provides an overview of all created incidents.

To view the incident table,

In the main menu, go to MONITORING & REPORTING → incidents.

The incident table is displayed.

The incident table has the following columns:

• Incident ID, name. A name and a unique identifier of an incident.
• Created. Date and time when the incident was created.
• Updated. Date and time of the last change, from the incident history.
• Threat duration. Time between the earliest and the most recent events among all of the alerts linked to the incident.
• Status. Current status of the incident.
• Severity, priority. Severity and priority of the incident.
• Analyst. Current assignee of the incident.
• Detection source. Application that obtained the telemetry data.
• Technology. The technologies that detected the alerts linked to the incident.
• Affected assets. Devices and users that were affected by the incident.
• Observables. Number of the detection artifacts, for example, IP addresses or MD5 hashes of files.

See also: About incidents Creating incidents Viewing incident details Assigning incidents to analysts Changing an incident status Changing an incident priority Merging incidents

Page top