Use this procedure when you need to investigate an incident further, decide how to proceed with its remediation, and track it to closure.
To access and view incident details:
1. In the Security Analytics menu, select Incidents > Queue.
   The My Incidents view is displayed. It lists all the incidents that are assigned to you. The All Incidents view lists all the incidents in Security Analytics.
2. In the My Incidents view, double-click an incident.
   The Incident details page is displayed.
The Incident details page displays all the details pertaining to the incident. You can analyze the data and perform the following operations from this view:
- Discover the context and risk of the Incident by viewing the Alerts and/or their Events, or using the action menu to investigate related events.
- Track the progress of the workflow on the Incident by assigning it to the right analyst, setting the priority, recording the status of the investigation, or categorizing the Incident.
- Document the investigation results using the Incident Journal, or track the remediation process using Remediation Tasks.
- In cases where there is evidence of a data breach, report it to the compliance team.
- Close the Incident once the investigation is completed.
- Click Back to Queue to return to the Incidents view.