The Dashboard shows the following Tables,
Top Incidents
The Top Incidents Table shows the top 10 incidents severity-wise, the critical severity incidents at the top, then High, Medium, and Low, and sorted by the alert count in descending order.
By default, the table shows the top incidents for one week. Clicking any incident in the table navigates the user to that Incident details page. A SOC Manager can see the total incidents count at the upper right corner of the table.
Top Late Incidents
An incident that does not change its state as per the defined SLA is called a late incident. The Late Incidents Table displays the summary of the top 10 incidents for the last seven days, severity-wise, the critical incidents at the top, then High, Medium, and Low. A user can filter the top incidents list by Incident Type.
| Filter | Values |
|---|---|
| Severity | Critical, High, Medium, and Low |
| Incident Types | All, Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation. Web Application Attack, Anomaly Detection, APT |
Highest Loaded Analyst
The Highest Loaded Analyst Table displays the top 10 analysts with the associated incidents count for the last seven days. If two analysts have an equal count for the associated incidents, then the Highest Loaded Table shows analyst names alphabetically.