SOCaaP Help, Version 2.2

Incident Category Management


  • Incident categories let you classify events based on their impact on the endpoint or network.
  • You can assign colors to identify each category.
  • There are predefined, default categories for managing essential incidents.
  • You can add and edit categories as required.



  • The default incident categories are:
    • Authentication Anomalies
    • Anomalies in privileged user account activities
    • Anomalies specific to endpoint and backend
    • Check for known APS
    • Correlated
    • DNS Request Anomalies
    • Malware Activity
    • Malware
    • Manual
    • Scheduled Query
    • Unusual Network Traffic
    • Unpatched for Vulnerable Systems or applications
    • Web traffic anomalies

Incident Category Management List - Table of Column Descriptions

  • Category Name: Label of the category.
  • Auto Assigned User: The user who is automatically assigned incidents that belong to this category.
  • Manual Assigned Users: Users who may be manually assigned incidents of this category, as set when the category was created or edited.
  • Color: Represents the category type.

Note:

  • Users take action on incidents.
  • When an incident is created, it is automatically assigned to a user on the category's 'Auto Assigned Users' list.
  • You can reassign an incident to a user on the 'Manually Assigned Users' list. If that list is empty, the incident cannot be assigned manually to a user.
  • To add users to the existing list, see 'Managing Users'.
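The assignment rules in the note above, modelled as an added example (this is not Comodo's code and uses no SOCaaP API): a new incident is auto-assigned from the category's 'Auto Assigned Users' list, and reassignment is allowed only to a user on the category's 'Manual Assigned Users' list, so an empty manual list blocks reassignment. The category and user names are constructed sample data, and round-robin selection from the auto list is an assumption, since the help text does not say how one auto user is chosen when several are listed.

```python
"""Toy model of SOCaaP incident-category assignment rules (added example,
not Comodo's code). Category and user names are constructed sample data."""
from dataclasses import dataclass, field
from itertools import cycle
from typing import Dict, Iterator, List, Optional


@dataclass
class IncidentCategory:
    name: str
    color: str
    auto_assigned_users: List[str] = field(default_factory=list)
    manual_assigned_users: List[str] = field(default_factory=list)
    # Round-robin cursor over the auto list. Assumption: the help text does
    # not specify how one auto user is picked when several are listed.
    _rr: Optional[Iterator[str]] = field(default=None, repr=False)

    def next_auto_user(self) -> Optional[str]:
        """Return the next user from the 'Auto Assigned Users' list, or None."""
        if not self.auto_assigned_users:
            return None
        if self._rr is None:
            self._rr = cycle(self.auto_assigned_users)
        return next(self._rr)


@dataclass
class Incident:
    incident_id: int
    category: str
    assignee: Optional[str]


class CategoryRegistry:
    def __init__(self) -> None:
        self.categories: Dict[str, IncidentCategory] = {}
        self._next_id = 1

    def add_category(self, cat: IncidentCategory) -> None:
        if cat.name in self.categories:
            raise ValueError(f"category {cat.name!r} already exists")
        self.categories[cat.name] = cat

    def create_incident(self, category_name: str) -> Incident:
        """A new incident is auto-assigned to a user on the auto list."""
        cat = self.categories[category_name]
        inc = Incident(self._next_id, category_name, cat.next_auto_user())
        self._next_id += 1
        return inc

    def reassign(self, inc: Incident, user: str) -> Incident:
        """Manual reassignment is only allowed to a user on the manual list;
        an empty manual list means the incident cannot be reassigned."""
        cat = self.categories[inc.category]
        if not cat.manual_assigned_users:
            raise PermissionError(
                f"category {cat.name!r} has no manual-assigned users; "
                "incident cannot be reassigned")
        if user not in cat.manual_assigned_users:
            raise PermissionError(
                f"{user!r} is not on the manual-assigned list of {cat.name!r}")
        inc.assignee = user
        return inc


def build_sample_registry() -> CategoryRegistry:
    """Constructed sample data: two default category names with sample users."""
    reg = CategoryRegistry()
    reg.add_category(IncidentCategory(
        "Malware Activity", "red",
        auto_assigned_users=["analyst_a", "analyst_b"],
        manual_assigned_users=["analyst_a", "analyst_b", "lead_c"]))
    reg.add_category(IncidentCategory(
        "Scheduled Query", "blue",
        auto_assigned_users=["analyst_d"],
        manual_assigned_users=[]))  # empty: no manual reassignment possible
    return reg


if __name__ == "__main__":
    reg = build_sample_registry()
    inc = reg.create_incident("Malware Activity")
    print(inc)                       # auto-assigned to analyst_a
    print(reg.reassign(inc, "lead_c"))
    sq = reg.create_incident("Scheduled Query")
    try:
        reg.reassign(sq, "analyst_d")
    except PermissionError as exc:
        print("blocked:", exc)
```

The `reassign` check is the part worth keeping in mind operationally: a category whose 'Manual Assigned Users' list is empty leaves every incident in it with whoever was auto-assigned, so populating that list is what makes handover between analysts possible.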


Add an Incident Category

  • Add a category to monitor and manage the types of incidents detected by the correlation rules.
  • Once a category is added, incidents are grouped into it based on the correlation results.
  • Depending on severity/priority, incidents in the category are either auto-assigned or manually assigned to users, who then take the required action.

To add a new category

  • Click the 'Add' button on the bottom right of the interface



The 'Add Category' dialog will open.



  • Enter a name that identifies the detected incident type
  • Select a color code from the 'Color' drop down to indicate the category
  • Select the users to whom incident alerts should be sent
  • Mark each selected user as auto-assigned or manually assigned by ticking the 'Auto-Assigned User' or 'Manual Assigned Users' column against the user
  • Click 'Save' to create the incident category

Edit the incident category


You can edit an existing incident category to reassign users or change the category name.


To edit a category

  • Click the 'Edit' button on the bottom right of the interface



The 'Update Category' dialog will open.


  • Modify the fields as required and click 'Save' to update an incident category

To Remove a Category

  • Click 'Delete' on the bottom right



A confirmation dialog will be shown as follows:




  • Click 'Yes' to confirm removal of the incident category from the list.

To view the actions on a category

  • Select a category and click 'Show Actions' on the bottom right to view and manage the actions performed on it

The 'Category Action Management' screen will open.



The category is selected by default and the right-hand panel shows the list of incidents that belong to it.




© Comodo Group, Inc. 2023. All rights reserved.