Automatic Incident Creation for Malicious Events

When FIM identifies the type of PE file reputation as Malicious in events details page, an incident is automatically created with below disposition details :

- Type: Automated

- Status: Open

open state

User has option to review the incident and take action accordingly.

Click on the drop-down arrow next to the Name of the incident to review it.

actions

Select Start Review option to take required action the incident.

start review

Incident review screen appears with severity and other important parameters that are required to take review actions.

Click Next and select the appropriate approval status from the options available > click Finish to submit.

Other fields on the approval form is auto populated with the following details:

- Disposition: Malware

- Change Type: Compromise

- Approval Status: Policy Violation

- Comment: Malicious change detected on the system

approval

After you finish reviewing, the status appears as Closed on the Incident details page.

You can also perform other actions from the same drop-down, such as:

- View Details

- Generate Report