Incidents and Cases
NxSIEM generates alerts when it identifies events which match correlation rules that have been defined for each customer in the Rule Creation & Activation interface. These alerts are automatically assigned as 'Incidents' to the 'users' allotted to the respective customer. Each 'Incident' has a status of 'Open' until it is closed by a user once the issue related to the event has been resolved. Administrators can also manually add incidents and assign them to users if certain actions are required on customer networks.
A series of incidents on the same network that are assigned to the same user can be grouped together as a 'Case'. The case can then be assigned to a user for collective investigation.
The number of open incidents is dynamically displayed beside the notification icon in the title bar of the administration console.
The 'Incidents' menu allows the user to manage incidents and cases. To open the 'Incidents' menu, click the menu button at top right and choose 'Incidents':
The following sections explain more about: