Automatic Incident Creation for Malicious Events

When FIM identifies the reputation of a PE file as Malicious on the event details page, an incident is automatically created with the following disposition details:

- Type: Automated

- Status: Open

You can review the incident and take action accordingly.

Click on the drop-down arrow next to the Name of the incident to review it.

Select the Start Review option to take the required action on the incident.

The incident review screen appears, showing the severity and other important parameters required to take review actions.

Click Next, select the appropriate approval status from the available options, and then click Finish to submit.

The other fields on the approval form are auto-populated with the following details:

- Disposition: Malware

- Change Type: Compromise

- Approval Status: Policy Violation

- Comment: Malicious change detected on the system

After you finish reviewing, the status appears as Closed on the Incident details page.

You can also perform other actions from the same drop-down, such as:

- View Details

- Generate Report