This step includes viewing information about the assets, accounts, and alerts related to the incident in the incident information section.
Information about the impacted assets and accounts is displayed on the Related assets and Related users tabs in the incident information section.
Example
The analyst opens the information about the affected asset (Incidents → the relevant incident → Related alerts → the relevant alert → Related endpoints → the relevant asset). The asset information shows that the asset belongs to the Business impact/HIGH and Device type/Workstation categories, which are critical for the organization IT infrastructure.
The asset information also includes the following useful data:
FQDN, IP address, and MAC address of the asset.
The time when the asset was created and the information was last updated.
The number of alerts associated with this asset.
The categories to which the asset belongs.
Asset vulnerabilities.
Information about the installed software.
Information about the hardware characteristics of the asset.
The analyst opens the information about the associated user account (Incidents → the relevant incident → Related alerts → link with the relevant alert → Related users → account).