Support

Support for business applications

Kaspersky Endpoint Detection and Response Expert

Incidents

Viewing the incident table
Kaspersky Endpoint Detection and Response Expert
Online Help
Advice & Solutions FAQ Download Forum Contact support Recovery tools Product videos

Viewing the incident table

March 20, 2024

ID 221573

The incident table provides an overview of all created incidents.

To view the incident table,

In the main menu, go to MONITORING & REPORTING incidents.

The incident table is displayed.

The incident table has the following columns:

  • Incident ID, name. A name and a unique identifier of an incident.
  • Created. Date and time when the incident was created.
  • Updated. Date and time of the last change, from the incident history.
  • Threat duration. Time between the earliest and the most recent events among all of the alerts linked to the incident.
  • Status. Current status of the incident.
  • Severity, priority. Severity and priority of the incident.
  • Analyst. Current assignee of the incident.
  • Detection source. Application that obtained the telemetry data.
  • Technology. The technologies that detected the alerts linked to the incident.
  • Affected assets. Devices and users that were affected by the incident.
  • Observables. Number of the detection artifacts, for example, IP addresses or MD5 hashes of files.

See also:

About incidents

Creating incidents

Viewing incident details

Assigning incidents to analysts

Changing an incident status

Changing an incident priority

Merging incidents

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.