Incidents
Shows the top incidents on your network by type, and the severity of those incidents. Further details on each incident are shown in the table in the lower pane.
- Click 'Incidents Overview' > 'Incidents' to open the interface
- Select a customer at top-right
- By default, statistics are shown for the past seven days
- To view the data for a different time period, click the date range at the top and choose from the options:
- To view data for a custom period, select from and to dates from the calendars
- Click 'Update'
The top pane shows the incidents by their severity.
- Click a tile to view its incidents in the lower pane
Use the filters to search for particular incidents:
- Enter / select the filter parameter(s) and click ‘Search’
- Incidents matching the filter are shown below
- Click ‘Clear’ to view all incidents again.
The lower pane shows the incidents for the selected time period:
Click a column header to sort the incidents in alphabetical, ascending or descending order.
- Detection Time – The date and time the incident was logged.
- Incident Name – The rule label that triggered the incident.
- Severity – The incident grade: critical, high, medium, low or information.
- Incident Action – The response to the incident, per the rule.
- Incident Category – The incident type. For example, 'Malware activity' or 'Unusual network Traffic'
- Classification – The group that the rule which triggered the incident has been added to.
- Ticket – Opens the related incident’s tickets interface.
- Source – The origin IP address that the rule detected.
- Destination – The final network / endpoint IP address.
View incident details
- Click anywhere on an incident row to view further details, such as the incident ID, admin remarks, and more.
- Click ‘Report as False Positive’ if you know the incident is not malicious or a threat.