Incident Details

The Incident Details window displays the following sections for the selected incident:

Summary

The Summary section in the Incident Details provides an overview of the incident and the affected asset. If the risk score is zero, the incident is considered non-malicious.

The following screenshot is an example of the Incident Summary:

Example of Incident Summary

Actions

You can Change Status, Assign Incident, or Add Comment from the Actions menu. Using the Add Comment option, you can provide comments about the incident. Only the author of a comment can edit or delete it.

Timeline

The Timeline section lists the detected events. Alternatively, you can search for detected events from the Search for events search bar using the Events Search Token and choose a remediation action if applicable. You can narrow the search results by selecting a timeframe, from Last 2 years to Today. Select the Last 30 days drop-down to view the list of timeframe options.

Timeframe in the Timeline section of the Incidents page.

The Assessment and Detection Source filters in the Timeline section display the list of events that match the selected options.

You can select multiple threat sources when using the Detection Source filter.

Timeline page in Incidents Details

Process Tree

You can perform remediation actions from the Process Tree section. The process tree displays all the events related to the selected incident. An event of the "Process" type shows its parent and child processes.

In the process tree view, you can traverse between the nodes by clicking a node in the hierarchy. You can click the (+) and (-) to expand and collapse the tree nodes and display the related events.

In the Threat details section, you can view the detection engine (Malware Detection, YARA rules, Behavioral Analysis, Threat Intelligence, and so on) that produced the event, together with the event risk score. The Process Tree view provides a zoom bar and a reset option. Use the filter to show only a specific event type in the process tree; Process events are always visible.

Process Tree in Incident Details page
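The process tree described above is a parent/child hierarchy over the incident's events, with an event-type filter that never hides Process nodes and an expand/collapse control per node. The following Python is an added example (not code from the product or its documentation) that builds such a tree from a small set of constructed events, applies the filter rule, derives the incident risk as the highest event risk score, and applies the Summary section's rule that a risk score of zero means non-malicious. The event fields, engine names and sample values are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    """One event in the process tree (field names are assumed, not the product's schema)."""
    id: int
    type: str          # "Process", "File", "Network", "Registry", ...
    name: str
    parent: Optional[int]
    risk: int          # per-event risk score
    engine: str        # detection engine that raised the event
    children: list = field(default_factory=list)

# Constructed sample events for a single incident (illustrative data, not product output).
SAMPLE_EVENTS = [
    dict(id=1, type="Process", name="explorer.exe", parent=None, risk=0, engine="Behavioral Analysis"),
    dict(id=2, type="Process", name="app.exe", parent=1, risk=3, engine="Behavioral Analysis"),
    dict(id=3, type="File", name="C:\\Temp\\dropped.bin", parent=2, risk=8, engine="Malware Detection"),
    dict(id=4, type="Network", name="198.51.100.7:443", parent=2, risk=6, engine="Threat Intelligence"),
    dict(id=5, type="Process", name="helper.exe", parent=2, risk=5, engine="YARA rules"),
    dict(id=6, type="Registry", name="HKCU\\Software\\Example", parent=5, risk=2, engine="Behavioral Analysis"),
]

def build_tree(events):
    """Link events into parent/child nodes; events whose parent is unknown become roots."""
    nodes = {e["id"]: Node(**e) for e in events}
    roots = []
    for n in nodes.values():
        if n.parent is None or n.parent not in nodes:
            roots.append(n)
        else:
            nodes[n.parent].children.append(n)
    return nodes, roots

def visible_nodes(nodes, event_types):
    """Event-type filter: Process events are always visible, other types only if selected."""
    return [n for n in nodes.values() if n.type == "Process" or n.type in event_types]

def incident_risk(nodes):
    """Incident risk taken as the highest event risk score (assumed aggregation rule)."""
    return max(n.risk for n in nodes.values())

def is_malicious(nodes):
    """A risk score of zero means the incident is considered non-malicious."""
    return incident_risk(nodes) > 0

def render(roots, event_types=None, collapsed=frozenset()):
    """Text rendering of the tree: '-' marks an expanded node, '+' a collapsed one."""
    lines = []

    def walk(node, depth):
        # Apply the same filter rule as the view: hide non-Process types not selected.
        if event_types is not None and node.type != "Process" and node.type not in event_types:
            return
        marker = "+" if node.id in collapsed else ("-" if node.children else " ")
        lines.append(f"{'  ' * depth}{marker} [{node.type}] {node.name} "
                     f"(risk {node.risk}, {node.engine})")
        if node.id in collapsed:
            return  # children stay hidden until the node is expanded
        for child in node.children:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines

if __name__ == "__main__":
    nodes, roots = build_tree(SAMPLE_EVENTS)
    print(f"incident risk {incident_risk(nodes)}, malicious={is_malicious(nodes)}")
    print("\n".join(render(roots)))
    print("--- only Network events (Process always shown) ---")
    print("\n".join(render(roots, event_types={"Network"})))
    print("--- app.exe collapsed ---")
    print("\n".join(render(roots, collapsed=frozenset({2}))))
```

Collapsing a node hides its whole subtree, and filtering a non-Process node also hides anything beneath it; both mirror what the view does when you click (+)/(-) or pick an event type in the filter.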

Comments

The comments you add using the Actions menu are listed in the Comments section. When the assignee is Antimalware and the status is Closed, the comment shown by default describes the action that was performed.

For example, in the following screenshot, the network has been closed. Hence, the comment displayed is Network Closed.

Antimalware comment in Incident Details page.

Activity Log

The Activity Log records all the actions you perform on the Incident page. The following screenshot is an example of the Activity Log:

Activity Log section in the Incident Details page.

Risks and Exploits

The Risks and Exploits section lists the vulnerabilities linked to the incident. If you have a subscription to the VMDR application, you can view the vulnerability details.
