Incidents

Landing page: List View

Scroll down the list to view earlier generated alerts. Clicking a host name opens the Device view for that alert.

The following table describes the columns of the Incidents list.

Field          Description
INCIDENT ID    Displays the ID of the incident.
INCIDENT NAME  Displays the name of the incident. You can copy the name by clicking the copy icon.
TYPE           Displays the type of the incident.
SEVERITY       Displays one of the following severities:
               • Critical
               • High
               • Medium
               • Low
PRIORITY       Displays one of the following priorities:
               • Critical
               • High
               • Medium
               • Low
STATUS         Displays one of the following statuses of the incident:
               • New
               • Investigation
               • Remediation
               • Closed
NO. OF ALERTS  Displays the number of alerts associated with the incident.
CREATED ON     Displays the date and time when the incident was created. The list can be sorted by this column.
ASSIGNED TO    Displays the name of the user to whom the incident is assigned.

The following table describes the alert fields shown in the List view.

Field       Description
ALERT NAME  Displays the name of the alert.
ALERT TYPE  Displays one of the following alert types:
            • Custom
            • Associated Alerts
            • Unassociated Alerts
SOURCE      Displays the source of the alert.
SEVERITY    Displays one of the following severities:
            • High
            • Medium
            • Low
            • Base
TACTICS     Displays the tactics of the alert.
CREATED ON  Displays the date and time when the alert was created.

You can sort the displayed list by the alert created date, from latest to oldest.

View

You can view the incidents for the following time ranges:

  • Hour wise
    • Last 1 hour
    • Last 24 hours
  • Day wise
    • Last 7 days
    • Last 15 days
    • Last 30 days
    • Custom: clicking Custom opens a calendar control. Select the From date and the To date from the calendar, then click Save.

My Incidents

Click the My Incidents button to view only the incidents assigned to you (the logged-in user).

Filter

Using the Filter View

Apply filters to narrow down the displayed incidents. You can filter by Severity, Status, Alert Details (such as Process Name and Host Name), Assignee and Tactics.
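As an added example (not part of the original page and not the product's own code), the following Python sketch models how the View time ranges, the My Incidents toggle, the Filter criteria and the default sort order combine to produce the list described above. The Incident record, the sample incidents and the fixed clock value NOW are constructed for this illustration; the filter names follow the ones documented on this page, and a filter left as None is treated as an unset control that matches everything.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Iterable, List, Optional, Sequence, Tuple


# Constructed model of one row in the Incidents list view (an illustration,
# not the product's data model or API). Field names follow the documented
# column and filter names.
@dataclass(frozen=True)
class Incident:
    incident_id: str
    name: str
    severity: str                    # Critical / High / Medium / Low
    status: str                      # New / Investigation / Remediation / Closed
    created_on: datetime             # timezone-aware
    assigned_to: str
    tactics: Tuple[str, ...] = ()
    hosts: Tuple[str, ...] = ()      # Alert Details: Host Name
    processes: Tuple[str, ...] = ()  # Alert Details: Process Name


# Preset ranges offered by the View control; each is a window that ends now.
VIEW_PRESETS = {
    "Last 1 hour": timedelta(hours=1),
    "Last 24 hours": timedelta(hours=24),
    "Last 7 days": timedelta(days=7),
    "Last 15 days": timedelta(days=15),
    "Last 30 days": timedelta(days=30),
}


def time_window(preset: Optional[str] = None,
                custom_from: Optional[datetime] = None,
                custom_to: Optional[datetime] = None,
                now: Optional[datetime] = None) -> Tuple[datetime, datetime]:
    """Return the (From, To) window for a preset, or for a Custom selection."""
    now = now or datetime.now(timezone.utc)
    if preset is not None:
        return now - VIEW_PRESETS[preset], now
    if custom_from is None or custom_to is None or custom_from > custom_to:
        raise ValueError("Custom view requires a From date no later than the To date")
    return custom_from, custom_to


def list_incidents(incidents: Iterable[Incident],
                   window: Tuple[datetime, datetime], *,
                   my_incidents_user: Optional[str] = None,
                   severity: Optional[Sequence[str]] = None,
                   status: Optional[Sequence[str]] = None,
                   assignee: Optional[str] = None,
                   tactic: Optional[str] = None,
                   host_name: Optional[str] = None,
                   process_name: Optional[str] = None) -> List[Incident]:
    """Apply the View window, the My Incidents toggle and the Filter criteria,
    then sort by CREATED ON from latest to oldest (the list's default order).
    A criterion left as None is not applied, like an unset filter control."""
    start, end = window

    def keep(inc: Incident) -> bool:
        if not start <= inc.created_on <= end:
            return False
        if my_incidents_user is not None and inc.assigned_to != my_incidents_user:
            return False
        if severity is not None and inc.severity not in severity:
            return False
        if status is not None and inc.status not in status:
            return False
        if assignee is not None and inc.assigned_to != assignee:
            return False
        if tactic is not None and tactic not in inc.tactics:
            return False
        if host_name is not None and host_name not in inc.hosts:
            return False
        if process_name is not None and process_name not in inc.processes:
            return False
        return True

    return sorted((i for i in incidents if keep(i)),
                  key=lambda i: i.created_on, reverse=True)


def incident_ids(rows: Iterable[Incident]) -> List[str]:
    return [r.incident_id for r in rows]


# Constructed sample data with a fixed "now" so the results are reproducible.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
CUSTOM_FROM, CUSTOM_TO = NOW - timedelta(days=3), NOW - timedelta(days=1)
SAMPLE = [
    Incident("INC-1001", "Phishing mail opened", "High", "New",
             NOW - timedelta(minutes=30), "alice",
             ("Initial Access",), ("FIN-PC-07",), ("outlook.exe",)),
    Incident("INC-1002", "Encoded PowerShell", "Critical", "Investigation",
             NOW - timedelta(hours=5), "bob",
             ("Execution",), ("WS-042",), ("powershell.exe",)),
    Incident("INC-1003", "Malware cleanup", "Medium", "Closed",
             NOW - timedelta(days=10), "alice",
             ("Persistence",), ("SRV-DB-01",), ("svchost.exe",)),
    Incident("INC-1004", "Lateral movement", "High", "Remediation",
             NOW - timedelta(days=2), "carol",
             ("Lateral Movement",), ("WS-042",), ("psexec.exe",)),
]

if __name__ == "__main__":
    for preset in ("Last 1 hour", "Last 24 hours", "Last 7 days", "Last 30 days"):
        print(f"{preset:14s}", incident_ids(list_incidents(SAMPLE, time_window(preset, now=NOW))))
    print("My Incidents  ", incident_ids(list_incidents(
        SAMPLE, time_window("Last 30 days", now=NOW), my_incidents_user="alice")))
    print("Custom window ", incident_ids(list_incidents(
        SAMPLE, time_window(custom_from=CUSTOM_FROM, custom_to=CUSTOM_TO))))
```

Note that the window check is inclusive at both ends and uses timezone-aware datetimes; comparing naive and aware values would raise in Python, which is the kind of mismatch that silently hides incidents when an exported timestamp lacks its offset.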

View Details

When you click View Details, you are redirected to the Alerts page.

Summary of the Incident

When you click any row, the summary of the incident appears in the right pane. The following table describes the fields that you can view in the summary; fields that can be changed are marked as editable.


Incident Summary

Field                 Description
BASIC INFORMATION
Incident ID           Displays the ID of the incident. You can copy the ID by clicking the copy icon.
Incident Name         Displays the name of the incident. Editable: click the edit icon to change the name.
Incident Type         Displays one of the following incident types:
                      • Unknown
                      • Phishing
                      • Malware
                      • MITM
                      • Insider Threat
                      • Privilege Escalation
                      • Web Application Attack
                      • Anomaly Detection
                      • APT
                      Editable: click the edit icon to change the type.
Created On            Displays the date and time when the incident was created.
Occurred On           Displays the endpoint on which the incident occurred.
Last Updated On       Displays the date and time when the incident was last updated.
Number of Alerts      Displays the number of alerts already associated with the incident.
View Details button   Click to view the details of the associated alerts. You are redirected to the Alerts page.
Playbook              Displays the name of the default playbook associated with the incident.
View Playbook Output  Click the link to view the playbook output.
RESPONSE SUMMARY
Severity              Displays one of the following severities:
                      • High
                      • Medium
                      • Low
                      • Base
Priority              Displays one of the following priorities:
                      • Critical
                      • High
                      • Medium
                      • Low
                      Editable: click the edit icon to change the priority.
Assigned To           Displays the name of the user to whom the incident is assigned.
Status                Displays one of the following statuses:
                      • New
                      • Investigation
                      • Remediation
                      • Closed
                      The response timer state is also displayed (On Time, Late or Closed), together with the time elapsed since the incident was created and the time remaining.
                      Editable: click the edit icon to change the status.
DESCRIPTION AND ANALYSIS
Description           Displays the description of the incident. Editable: click the edit icon to change the description.
NOTES (#)
Notes                 Displays the content of all notes, with when and by whom each note was created. You can add a note by clicking the Add Note icon.
ENDPOINTS AND USERS
Endpoints (#)
Endpoint Name         Displays the hostnames of all endpoints. If you click the vertical ellipsis, the list of playbooks appears with the status of each (run or not run). You can run a playbook by clicking the Run icon.
Users (#)             Displays all users. If you click the vertical ellipsis, the list of playbooks appears with the status of each (run or not run). You can run a playbook by clicking the Run icon.
KEY ATTRIBUTES
Process               Displays the count and list of processes. For each process, displays its Value, its Reputation and the alert it is Associated To.
Registry              Displays the count and list of registries. For each registry, displays its Value, its Reputation and the alert it is Associated To.
File                  Displays the count and list of infected files. For each file, displays its Value, its Reputation and the alert it is Associated To.
Network               Displays the count and list of infected networks. For each network, displays its Value, its Reputation and the alert it is Associated To.
                      For every key attribute, if you click the vertical ellipsis, the list of playbooks appears with the status of each (run or not run). You can run a playbook by clicking the Run icon.
Action Buttons
Playbook Actions      Displays the list of playbooks with the status of each (run or not run). You can run a playbook by clicking the Run icon.
View Playbook Output  Opens the Playbook Output window, which shows the output details of the playbook.
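To make the response timer shown next to Status concrete, here is an added Python example (not the product's own code) that derives the On Time / Late / Closed state together with the elapsed and remaining time. The response-time targets per priority in RESPONSE_TARGET are an assumption for illustration only; the page does not document the product's actual targets, nor whether the timer is keyed on priority or severity. The fixed clock NOW and the hours_ago helper exist only to make the demonstration reproducible.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical response-time targets per priority. ASSUMPTION: these values
# are invented for the illustration; the page does not document real targets.
RESPONSE_TARGET = {
    "Critical": timedelta(hours=4),
    "High": timedelta(hours=24),
    "Medium": timedelta(days=3),
    "Low": timedelta(days=7),
}

NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo


@dataclass(frozen=True)
class ResponseTimer:
    state: str            # "On Time", "Late" or "Closed"
    elapsed: timedelta    # time since the incident was created
    remaining: timedelta  # time left against the target; negative when overdue


def format_duration(td: timedelta) -> str:
    """Render a duration as e.g. '1d 2h 5m'; a leading '-' marks overdue time."""
    sign = "-" if td < timedelta(0) else ""
    secs = abs(int(td.total_seconds()))
    days, rem = divmod(secs, 86400)
    hours, rem = divmod(rem, 3600)
    minutes = rem // 60
    parts = []
    if days:
        parts.append(f"{days}d")
    if days or hours:
        parts.append(f"{hours}h")
    parts.append(f"{minutes}m")
    return sign + " ".join(parts)


def response_timer(priority: str, status: str, created_on: datetime,
                   closed_on: Optional[datetime] = None,
                   now: Optional[datetime] = None) -> ResponseTimer:
    """Derive the response state shown next to Status.

    A Closed incident stops the clock at its closure time (or at now when no
    closure time is recorded). Any other status keeps the timer running, and
    the state flips from On Time to Late once the target is exceeded."""
    if priority not in RESPONSE_TARGET:
        raise ValueError(f"unknown priority: {priority!r}")
    now = now or datetime.now(timezone.utc)
    target = RESPONSE_TARGET[priority]
    if status == "Closed":
        elapsed = (closed_on or now) - created_on
        return ResponseTimer("Closed", elapsed, target - elapsed)
    elapsed = now - created_on
    remaining = target - elapsed
    state = "Late" if remaining < timedelta(0) else "On Time"
    return ResponseTimer(state, elapsed, remaining)


def hours_ago(hours: float, now: datetime = NOW) -> datetime:
    """Demo helper: a creation time the given number of hours before now."""
    return now - timedelta(hours=hours)


def describe(t: ResponseTimer) -> str:
    """The one-line form a summary pane would show for the timer."""
    return (f"{t.state} (elapsed {format_duration(t.elapsed)}, "
            f"remaining {format_duration(t.remaining)})")


if __name__ == "__main__":
    print(describe(response_timer("Critical", "Investigation", hours_ago(1), now=NOW)))
    print(describe(response_timer("Critical", "Investigation", hours_ago(5), now=NOW)))
    print(describe(response_timer("High", "Closed", hours_ago(48),
                                  closed_on=hours_ago(24), now=NOW)))
```

Keeping the remaining time signed rather than clamping it at zero preserves how far overdue a Late incident is, which is the figure an analyst triaging a queue actually needs.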

Add Note

A shortcut for adding a note is available in the upper right corner.

  1. Click the Add Note icon. The Add Note dialog appears.
  2. Enter the note in the Note field.
  3. Click Save.

A confirmation message appears.

In the Notes section of the Incidents Summary, you can view all the notes.

Playbook Actions

In the Incidents Summary, the following two buttons appear:

  • Playbook Actions
  • View Playbook Output

Running a playbook

  1. Click Playbook Actions. A list of playbooks appears.
  2. Click the Run icon. The Playbook Action window appears.
  3. Provide the inputs required by the design of the playbook.
  4. Click Execute.

The playbook is executed, and the Playbook Output window appears.

If there are any older results, the View Old Result icon also appears. Click the icon to view the old result.

View Playbook Output

  1. Click the View Playbook Output button.
  2. The Playbook Output window appears, showing the output details.

Playbook and attributes

  1. Scroll to Key Attributes.
  2. Click the vertical ellipsis. The list of playbooks (selected by tags) appears, with the status of each (run or not run).
  3. Click the Run icon. The Playbook Action window appears.
  4. Provide the inputs required by the design of the playbook.
  5. Click Execute.

The playbook is executed, and the Playbook Output window appears. It shows the playbook details, the output details, a list of playbooks, and the details of the incident.

View Audit Report

Click the View Audit Report icon. The Incident Canvas dialog appears.

You can access the following three tabs:

Investigation Timeline: This tab displays the investigation details by date. It shows the time, the names of the assignees, the status, and the notes.

Notes: This tab displays the notes added, ordered by timestamp.

Root Cause Analysis: This tab displays the root cause analysis of the incident.

Export Report

To export the audit report, click Export Audit Report.

The audit report is downloaded in PDF format.