If hierarchy mode is enabled, you can view the Incidents section to inspect the incidents that were created on child nodes and their descendants. The incidents table displays the Branch column, which can be used to filter incidents based on the nodes in which they were created. By default, the incidents table displays the incidents that were created on your node.
To select the nodes whose incidents you want to view:
The right side of the window will display the details area containing the hierarchical structure of the organization. You can use the button to expand or collapse all branches of the structure, or select all KUMA nodes.
The incidents table displays the incidents that were created on the nodes that you selected.
When you click an incident, a window opens with detailed information about the incident. The data is read-only. An incident from another node cannot be edited or processed.
Special considerations when viewing data on an incident created on a different node:
When you click on the name of an incident-related alert, a window opens with detailed information about this alert. This data is also read-only. An alert from another node cannot be edited or processed.
In this case, you can use the Find in events button to open the events table and search for relevant events. However, you cannot select the storage, and there are limitations applied to SQL queries when searching events in alert investigation mode. This mode employs data enrichment (for example, using Kaspersky Threat Intelligence Portal, Kaspersky CyberTrace or Active Directory). The results of Kaspersky Threat Intelligence Portal data enrichment performed on child nodes are not available on parent nodes.