Incident Category Management
- Incident categories let you classify events based on their impact on the endpoint or network.
- You can assign colors to identify each category.
- There are predefined, default categories for managing essential incidents.
- You can add and edit categories as required.
- The default incident categories are:
- Authentication Anomalies
- Anomalies in privileged user account activities
- Anomalies specific to endpoint and backend
- Check for known APS
- Correlated
- DNS Request Anomalies
- Malware Activity
- Malware
- Manual
- Scheduled Query
- Unusual Network Traffic
- Unpatched for Vulnerable Systems or applications
- Web traffic anomalies
Add an Incident Category
- Incident categories let you monitor and manage the types of incidents detected by the correlation rules
- Once a category is added, incidents are grouped into it based on the correlation results
- Depending on severity/priority, incidents in a category are either auto-assigned or manually assigned to users, who then perform the required action
To add a new category
- Click the 'Add' button on the bottom right of the interface
The 'Add Category' dialog will open.
- Enter a name to identify the detected incident type
- Select a color code from the 'Color' drop down, to indicate the category
- Select the users to whom alerts for incidents in this category should be sent
- For each selected user, choose whether incidents are assigned automatically or manually by ticking the 'Auto-Assigned User' or 'Manual Assigned Users' column against that user
- Click 'Save' to create an incident category
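The grouping and assignment rules above (incidents land in a category according to the correlation result, then are either handed to a user automatically or queued for manual assignment) can be modelled in a few lines. The following is an added illustration, not the product's own code: the `Category`, `Incident` and `CategoryRegistry` names, the rule-to-category mapping, the round-robin choice among auto-assign users, and the fall-back to the default 'Manual' category for unmapped rules are all assumptions made for the example.

```python
"""Illustrative model of incident categories with auto/manual assignment.

Added example, not the product's code. The rule-to-category mapping, the
round-robin pick among auto-assign users and the 'Manual' fall-back are
assumptions of this illustration, not documented product behaviour.
"""
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, Iterator, List, Optional


@dataclass
class Category:
    """One incident category as configured in the 'Add Category' dialog."""
    name: str
    color: str                 # colour code chosen from the 'Color' drop down
    users: List[str]           # users who receive alerts for this category
    auto_assign: bool = True   # True = 'Auto-Assigned User', False = 'Manual Assigned Users'


@dataclass
class Incident:
    """A correlation result waiting to be grouped into a category."""
    rule: str                  # correlation rule that produced the incident
    severity: str
    category: Optional[str] = None
    assignee: Optional[str] = None


class CategoryRegistry:
    """Groups incidents by correlation rule and assigns them per category policy."""

    def __init__(self, fallback: str = "Manual") -> None:
        self._categories: Dict[str, Category] = {}
        self._rule_map: Dict[str, str] = {}          # rule name -> category name (assumed)
        self._rotation: Dict[str, Iterator[str]] = {}
        self._fallback = fallback                    # default category for unmapped rules
        self.manual_queue: List[Incident] = []       # incidents awaiting manual assignment

    def add(self, category: Category, rules: List[str]) -> None:
        # Checks a sane 'Save' should make: unique name, and an auto-assign
        # category must have at least one user to assign incidents to.
        if category.name in self._categories:
            raise ValueError(f"category already exists: {category.name}")
        if category.auto_assign and not category.users:
            raise ValueError("auto-assign category needs at least one user")
        self._categories[category.name] = category
        for rule in rules:
            self._rule_map[rule] = category.name
        if category.users:
            self._rotation[category.name] = cycle(category.users)

    def remove(self, name: str) -> None:
        """Delete a category and drop the rule mappings that pointed at it."""
        self._categories.pop(name)
        self._rotation.pop(name, None)
        self._rule_map = {r: c for r, c in self._rule_map.items() if c != name}

    def route(self, incident: Incident) -> Incident:
        """Set the incident's category and, for auto-assign categories, its assignee."""
        name = self._rule_map.get(incident.rule, self._fallback)
        category = self._categories.get(name)
        incident.category = name
        if category is not None and category.auto_assign:
            incident.assignee = next(self._rotation[name])   # round-robin (assumed)
        else:
            self.manual_queue.append(incident)               # waits for a manual assignment
        return incident


def demo() -> List[Incident]:
    """Route a few constructed correlation results through three categories."""
    reg = CategoryRegistry()
    reg.add(Category("Manual", "#808080", [], auto_assign=False), [])
    reg.add(Category("Malware Activity", "#FF0000", ["alice", "bob"]),
            ["malware_hash_match", "c2_beacon"])
    reg.add(Category("Authentication Anomalies", "#FFA500", ["carol"],
                     auto_assign=False), ["brute_force_login"])
    incidents = [                                   # constructed sample input
        Incident("malware_hash_match", "High"),
        Incident("c2_beacon", "Critical"),
        Incident("brute_force_login", "Medium"),
        Incident("unknown_rule", "Low"),
    ]
    return [reg.route(i) for i in incidents]


if __name__ == "__main__":
    for inc in demo():
        print(f"{inc.rule:20} -> {inc.category:28} assignee={inc.assignee}")
```

Running the block shows the two malware incidents going to alice and bob in turn, the authentication anomaly and the unmapped incident sitting in the manual queue with no assignee. The validation in `add` is the part worth copying: a category that auto-assigns but has no users silently drops incidents into nobody's queue, which is exactly the failure mode a category setup screen should refuse to save.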
Edit the incident category
You can edit an existing incident category to reassign users, change its color or rename it.
To edit a category
- Select the category and click the 'Edit' button on the bottom right of the interface
The 'Update Category' dialog will open.
- Modify the fields as required and click 'Save' to update an incident category
To Remove a Category
- Select the category and click 'Delete' on the bottom right
A confirmation dialog will be shown.
- Click 'Yes' to confirm removal of the incident category from the list.
- To view and manage the actions performed on an incident category, select a category and click 'Show Actions' on the bottom right
The 'Category Action Management' screen will open.
The selected category is highlighted by default and the right-hand panel lists the incidents that belong to it.