Viewing the incident table

May 15, 2024

ID 221573

The incident table provides an overview of all created incidents.

To view the incident table:

  1. In the main menu, go to Monitoring & reporting → Incidents.
  2. If necessary, apply the tenant filter. By default, the tenant filter is disabled and the incident table displays the incidents related to all of the tenants to which you have access rights. To apply the tenant filter:
    1. Click the link next to the Tenant filter setting.

      The tenant filter opens.

    2. Select the check boxes next to the required tenants.

      The incident table displays only the incidents that were detected on the assets that belong to the selected tenants.

The incident table is displayed.

The incident table has the following columns:

  • Incident ID, name. A name and a unique identifier of an incident.
  • Created. Date and time when the incident was created.
  • Updated. Date and time of the last change, from the incident history.
  • Threat duration. Time between the earliest and the most recent events among all of the alerts linked to the incident.
  • Status. Current status of the incident.
  • Severity, priority. Severity and priority of the incident.
  • Analyst. Current assignee of the incident.
  • Tenant. The name of the tenant in which the incident was detected.
  • Technology. The technologies that detected the alerts linked to the incident.
  • Affected assets. Devices and users that were affected by the incident.
  • Observables. Number of detection artifacts, for example, IP addresses or MD5 hashes of files.
  • Resolution. The resolution for incidents with the Closed status.
  • Creation method. How the incident was created—manually or automatically.
  • Number of linked alerts. How many alerts are included in the incident.
  • Rules. The rules that were triggered to create the incident.
  • Number of affected assets. How many devices and users were affected by or involved in the incident.
  • Number of observables. How many observables are related to the alerts linked to the incident.

See also:

About incidents

Creating incidents

Viewing incident details

Assigning incidents to analysts

Changing an incident status

Changing an incident priority

Merging incidents
