Incidents list
The incidents list shows the registered incidents with their corresponding threat levels. You can see all reported incidents that have been determined to be critical, those that you should keep an eye on, and those that are considered nuisances in your network. Critical incidents must be handled without delay: they indicate hosts that have been infected with malicious software. Failing to deal with critical incidents is highly risky and increases the probability that other hosts in your network will be compromised as well.
Incidents that you have not examined yet are marked as unread, while those that you have already examined are marked as read. You can select incidents and perform actions on them, such as marking them as read or unread. You can also close or open the selected incidents.
The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.
Use the Select pull-down menu for a fine-tuned selection. Its options allow you to select All visible incidents or to Clear selection. You can also select Read (current page) or Unread (current page) incidents. Alternatively, click the icon in the title row to select all visible incidents.
Use the Action pull-down menu to update the selected incidents: Mark as read, Mark as unread, Close, or Open.
Customize the number of rows to be displayed; the default is 20 entries. Use the previous-page and next-page icons to navigate through multiple pages.
The columns displayed in the list can be customized by clicking the column-selection icon.
Each row is a summary of an incident. Click the details icon (or anywhere on an entry row) to access the incident details. To select an incident row, click its selection icon.
The list is sorted by Impact and includes the following fields:
- Host
  The host affected by this incident. This column displays the IP address, host name, or label of the host, depending on the current Display settings pop-up.
  Click the activity icon to view the Activity for host page, showing details about the host. Click the graph icon to view the Network analysis graph for the host.
  Click the sort icon to sort the list by host.
- Sensor
  The Sensor that detected the events making up this incident.
  Click the sort icon to sort the list by sensor.
- Detection events
  Number of events that comprise this incident. This is a link displaying an event count and the events icon. Clicking this link loads the Network events page, filtered to show only the events for this incident.
  Click the sort icon to sort the list by event count.
- Start
  Start time of the incident.
  Click the sort icon to sort the list by start time.
- End
  End time of the incident.
  Click the sort icon to sort the list by end time.
- Threat
  Name of the detected security risk.
  Click the sort icon to sort the list by threat.
- Threat class
  Name of the class of the detected security risk.
  Click the sort icon to sort the list by threat class.
- Impact
  The impact value indicates the criticality of the detected threat and ranges from 1 to 100:
  - Threats that are 70 or above are considered critical.
  - Threats that are between 30 and 69 are considered medium-risk.
  - Threats that are between 1 and 30 are considered benign.
  If the blocked icon appears, the artifact has been blocked.
  The list is sorted in decreasing order of impact (most critical incidents at the top). Click the sort icon to sort the list in increasing order (least critical incidents at the top), then click the icon again to toggle back to the default.
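As an added example that is not part of the original documentation, the following Python code reproduces the list's triage logic on an exported set of incidents: the impact bands described above, the default sort (decreasing impact), the quick search that matches the query against any field, and a shortlist of open, unread, critical incidents. The `Incident` record, its field names, and the sample records are constructed for this illustration and do not come from any product export format.

```python
"""Triage helpers for an exported incidents list (constructed example).

The impact bands (>= 70 critical, 30-69 medium, 1-30 benign) come from the
page above; the record layout and sample data are constructed assumptions.
"""
from dataclasses import dataclass, fields

CRITICAL_MIN = 70   # impact >= 70 is critical
MEDIUM_MIN = 30     # impact 30-69 is medium-risk; below that is benign


@dataclass
class Incident:
    # Field names mirror the list columns; the layout itself is an assumption.
    host: str
    sensor: str
    detection_events: int
    start: str
    end: str
    threat: str
    threat_class: str
    impact: int
    read: bool = False
    closed: bool = False
    blocked: bool = False


def impact_band(impact: int) -> str:
    """Map an impact value to the band the page describes.

    The page's bands overlap at exactly 30 (medium 30-69, benign 1-30);
    this code treats 30 as medium, which is an assumption of the example.
    """
    if not 1 <= impact <= 100:
        raise ValueError(f"impact must be within 1..100, got {impact}")
    if impact >= CRITICAL_MIN:
        return "critical"
    if impact >= MEDIUM_MIN:
        return "medium"
    return "benign"


def sorted_by_impact(incidents, ascending: bool = False):
    """Default list order is decreasing impact; ascending=True toggles it."""
    return sorted(incidents, key=lambda inc: inc.impact, reverse=not ascending)


def quick_search(incidents, query: str):
    """As-you-type filter: keep rows where any field contains the query text."""
    needle = query.strip().lower()
    if not needle:
        return list(incidents)
    hits = []
    for inc in incidents:
        values = (str(getattr(inc, f.name)).lower() for f in fields(inc))
        if any(needle in value for value in values):
            hits.append(inc)
    return hits


def needs_attention(incidents):
    """Open, unread, critical incidents, most critical first: the rows an
    analyst should handle without delay according to the page."""
    return [
        inc for inc in sorted_by_impact(incidents)
        if not inc.closed and not inc.read
        and impact_band(inc.impact) == "critical"
    ]


# Constructed sample rows (not real detections).
SAMPLE = [
    Incident("10.0.0.12", "sensor-a", 14, "2024-01-05 08:12", "2024-01-05 09:40",
             "Generic Trojan", "Trojan", 85),
    Incident("ws-finance-03", "sensor-a", 2, "2024-01-05 10:02", "2024-01-05 10:05",
             "Adware Installer", "Adware", 20, read=True),
    Incident("10.0.0.44", "sensor-b", 7, "2024-01-05 11:30", "2024-01-05 12:15",
             "Credential Stealer", "Infostealer", 92, blocked=True),
    Incident("10.0.1.9", "sensor-b", 3, "2024-01-05 13:00", "2024-01-05 13:20",
             "Suspicious Download", "Downloader", 45),
]


if __name__ == "__main__":
    for inc in sorted_by_impact(SAMPLE):
        flag = " [blocked]" if inc.blocked else ""
        print(f"{inc.impact:3d} {impact_band(inc.impact):8s} {inc.host:15s} {inc.threat}{flag}")
    print("needs attention:", [inc.host for inc in needs_attention(SAMPLE)])
    print("search 'sensor-b':", [inc.host for inc in quick_search(SAMPLE, "sensor-b")])
```

Running the module prints the sample rows in the list's default order, followed by the shortlist of incidents that still need handling and the result of a quick search for one sensor.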