Incident Management: Incident Queue View

Document created by RSA Information Design and Development on May 10, 2016
Version 1

In the Incident Queue view, you can see a list of all incidents, both assigned and unassigned. You can manage and track these incidents to closure.

To access the Incident Queue tab, in the Security Analytics menu, select Incidents > Queue. A queue of all incidents is displayed.

Features

This view has the following tabs:

  • All Incidents - lists all incidents.
  • My Incidents - lists all incidents assigned to you.

All Incidents Tab

This is an example of the All Incidents tab.

[Figure: Queue_All Incidents.png]

The options panel has parameters that can be used to filter incidents. The filter parameters you choose to filter the incident queue are persisted and retained when you navigate away from the present view to switch between tabs, sessions or when you navigate to the incident details screen. The Reset Selection option enables you to reset the filter options to the default value. 

                                           
Parameter - Description

TIME RANGE - Select a time range to view incidents in that time range.
For example:
  • Select Last 24 Hours to view incidents created in the last 24 hours.
  • Select All Data to view all the incidents created.
  • Select Custom and provide a date range to view incidents created in that time frame.

PRIORITY - Indicates the number of incidents by priority.
For example: Critical (18) indicates there are 18 incidents having priority set to Critical.
Selecting one of the displayed options filters the incidents and displays only the incidents with the selected priority.
For example: If you select Critical (18), the Incident panel displays only the 18 incidents with a priority set to Critical.

ANALYSTS - Indicates the incidents categorized by the analyst to whom they are assigned.

STATUS - Indicates the incidents categorized by their status.
For example: Assigned (7) indicates there are 7 incidents that are in the Assigned state.
Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category.
For example: If you select Assigned (7), the Incident panel displays only the 7 incidents that are in the Assigned state.

CATEGORY TAGS - Indicates the number of incidents belonging to a particular category. Since categories are hierarchical, the category tags count only the parent category.
For example: Malware (5) indicates there are 5 incidents belonging to the Malware category.
Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category.
For example: If you select Malware (5), the Incident panel displays only the 5 incidents that belong to the Malware category.

LINKED REMEDIATION - Indicates the incidents categorized by whether or not they have remediation tasks.
For example:
  • Yes (5) indicates there are 5 incidents that have remediation tasks.
  • No (3) indicates there are 3 incidents that have no remediation tasks.
Selecting one of the displayed options filters the incidents and displays only the incidents that match the selection.
For example: If you select Yes (5), the Incident panel displays only the 5 incidents that have remediation tasks.

BREACH TAGS - Displays the breach tag associated with the incident.

Reset Selection (reset_selection_button.png) - Resets filter options to default values.

The Incident panel has the following information:

At the top is a graphical representation of the incident trend by assignee, with one line per assignee. The graphical representation is based on the filter chosen. You can highlight the line for a particular assignee by disabling the other assignees in the box on the right-hand side of the graph.

The lower part has a list of incidents and their details displayed as per the filter chosen.

                                                    
Parameter - Description

Date Created - Displays the date when the incident was created.

Priority - Displays the priority of the incident.
The priority can be any of the following: Critical, High, Medium, or Low.

ID - Displays the incident ID.

Name - Displays the incident name.

Status - Displays the workflow status of the incident.

Assignee - Displays the user to whom the incident is assigned. This is visible only in the All Incidents details view.

#Alerts - Displays the number of alerts the incident is made up of.

#Remediation - Displays the number of remediation tasks created for the incident.

Breach - Displays whether the incident has a data breach and, if it does, displays the breach tag.

Actions - Displays the actions that can be performed on the incident.
The possible actions are: Assign to me, Edit Incident, and Close Incident.

Operations

This table lists the operations that can be performed in the Summary view.

                                
Parameter - Description

Assign to Me - Allows you to assign the incident to yourself. This option is available in the All Incidents view.

Edit Incident - Allows you to modify an incident.

Close Incident - Allows you to close an incident.

Delete - Allows you to delete an incident.

Report a Data Breach - Allows you to report whether there is a data breach. This is visible only if you have configured data breach support in the Integration Settings.

My Incidents Tab

This tab is visible only when there are incidents assigned to you. This figure is an example of the My Incidents tab.

[Figure: Queue_My Incidents.png]

The options panel has parameters that can be used to filter incidents. The filter parameters you choose to filter the incident queue are persisted and retained when you navigate away from the present view to switch between tabs, sessions, or when you navigate to the incident details screen. The Reset Selection option enables you to reset the filter options to the default value.

                                       
Parameter - Description

TIME RANGE - Select a time range to view incidents in that time range.
For example:
  • Select Last 24 Hours to view incidents created in the last 24 hours.
  • Select All Data to view all the incidents created.
  • Select Custom and provide a date range to view incidents created in that time frame.

PRIORITY - Indicates the number of incidents by priority.
For example: Critical (18) indicates there are 18 incidents having priority set to Critical.
Selecting one of the displayed options filters the incidents and displays only the incidents with the selected priority.
For example: If you select Critical (18), the Incident panel displays only the 18 incidents with a priority set to Critical.

STATUS - Indicates the incidents categorized by their status.
For example: Assigned (2) indicates there are 2 incidents that are in the Assigned state.
Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category.
For example: If you select Assigned (2), the Incident panel displays only the 2 incidents that are in the Assigned state.

CATEGORY TAGS - Indicates the number of incidents belonging to a particular category.
For example: Malware (5) indicates there are 5 incidents belonging to the Malware category.
Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category.
For example: If you select Malware (5), the Incident panel displays only the 5 incidents that belong to the Malware category.

LINKED REMEDIATION - Indicates the incidents categorized by whether or not they have remediation tasks.
For example:
  • Yes (5) indicates there are 5 incidents that have remediation tasks.
  • No (3) indicates there are 3 incidents that have no remediation tasks.
Selecting one of the displayed options filters the incidents and displays only the incidents that match the selection.
For example: If you select Yes (5), the Incident panel displays only the 5 incidents that have remediation tasks.

BREACH TAGS - Displays the breach tag associated with the incident.

Reset Selection (reset_selection_button.png) - Select this to reset the filter options to the default value.

At the top of the Incident panel is a graphical representation of the incidents assigned to you. The graph displays a trend by priority, with one line per priority. The graphical representation is based on the filter chosen. You can highlight the line for a particular priority by disabling the other priority options in the box on the right-hand side of the graph.

The lower part has a list of incidents assigned to you and their details displayed as per the filter chosen.

You can accomplish the following operations from the My Incidents view:

  • Edit an Incident
  • Close an Incident
  • Delete an Incident
  • Report a Data Breach