Kaspersky Unified Monitoring and Analysis Platform
About the incidents table
The main part of the Incidents section shows a table containing information about registered incidents. If required, you can change the set of columns and the order in which they are displayed in the table.
Available columns of the incidents table:
- Threat duration—the time span during which the incident occurred (the time between the first and the last event related to the incident).
- Assigned to—the name of the security officer to whom the incident was assigned for investigation or response.
- Created—the date and time when the incident was created. This column allows you to filter incidents by the time they were created.
  - The following preset periods are available: Today, Yesterday, This week, Previous week.
  - If required, you can set an arbitrary period by using the calendar that opens when you select Before date, After date, or In period.
- Tenant—the name of the tenant that owns the incident.
- Status—current status of the incident:
  - Opened—new incident that has not been processed yet.
  - Assigned—the incident has been processed and assigned to a security officer for investigation or response.
  - Closed—the incident is closed; the security threat has been resolved.
- Alerts number—the number of alerts included in the incident. Only the alerts of those tenants to which you have access are taken into account.
- Priority shows how important a possible security threat is: Critical, High, Medium, Low.
- Updated—the date and time of the last change made in the incident.
- First event time and Last event time—dates and times of the first and last events in the incident.
- Category and Type—category and type of threat assigned to the incident.
- Export to RuCERT—the status of the export of the incident data to the National Coordinating Center for Computer Incidents (also known as RuCERT):
  - Not exported—the data was not forwarded to RuCERT.
  - Export failed—an attempt to forward data to RuCERT ended with an error, and the data was not transmitted.
  - Exported—data on the incident has been successfully transmitted to RuCERT.
If required, you can use the Search hosts and users field to find incidents for specific users and assets.
Article ID: 220214, Last review: Sep 2, 2022