In the Incident Queue view, you can see a list of all incidents, both assigned and unassigned. You can manage and track these incidents to closure.
To access the Incident Queue tab, in the Security Analytics menu, select Incidents > Queue. A queue of all incidents is displayed.
Features
This view has the following tabs:
- All Incidents - lists all incidents.
- My Incidents - lists all incidents assigned to you.
All Incidents Tab
This is an example of the All Incidents tab.
The options panel has parameters that can be used to filter incidents. The filter parameters you choose to filter the incident queue are persisted and retained when you navigate away from the present view to switch between tabs, sessions or when you navigate to the incident details screen. The Reset Selection option enables you to reset the filter options to the default value.
TIME RANGE | Select a time range to view incidents in that time range. For example: select Last 24 Hours to view incidents created in the last 24 hours; select All Data to view all the incidents created; select Custom and provide a date range to view incidents created in that time frame. |
PRIORITY | Indicates the number of incidents at each priority. For example: Critical (18) indicates there are 18 incidents with priority set to Critical. Selecting one of the displayed options filters the incidents and displays only those with the selected priority. For example: if you select Critical (18), the Incident panel displays only the 18 incidents with a priority set to Critical. |
ANALYSTS | Indicates the incidents categorized by the analyst to whom they are assigned. |
STATUS | Indicates the incidents categorized by their status. For example: Assigned (7) indicates there are 7 incidents that are in the Assigned state. Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category. For example: if you select Assigned (7), the Incident panel displays only the 7 incidents that are in the Assigned state. |
CATEGORY TAGS | Indicates the number of incidents belonging to a particular category. Since categories are hierarchical, the category tags count only the parent category. For example: Malware (5) indicates there are 5 incidents belonging to the Malware category. Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category. For example: if you select Malware (5), the Incident panel displays only the 5 incidents that belong to the Malware category. |
LINKED REMEDIATION | Indicates the incidents categorized by whether or not they have remediation tasks. For example: Yes (5) indicates there are 5 incidents that have remediation tasks. No (3) indicates there are 3 incidents that have no remediation tasks. Selecting one of the displayed options filters the incidents and displays only the incidents matching the chosen option. For example: if you select Yes (5), the Incident panel displays only the 5 incidents that have remediation tasks. |
BREACH TAGS | Displays the breach tag associated with the incident. |
Reset Selection | Resets filter options to default values. |
The Incident panel has the following information:
At the top is a graphical representation of the incident trend by assignee, with one line per assignee. The graphical representation is based on the filter chosen. You can highlight the required line per assignee by disabling the other two in the box on the right-hand side of the graph.
The lower part has a list of incidents and their details displayed as per the filter chosen.
Date Created | Displays the date when the incident was created. |
Priority | Displays the priority of the incident. The priority can be any of the following: Critical, High, Medium, or Low. |
ID | Displays the incident ID. |
Name | Displays the incident name. |
Status | Displays the workflow status of the incident. |
Assignee | Displays the user to whom the incident is assigned. This is visible only in the All Incidents details view. |
#Alerts | Displays the number of alerts the incident is made up of. |
#Remediation | Displays the number of remediation tasks created for the incident. |
Breach | Displays whether the incident has a data breach and, if it does, displays the breach tag. |
Actions | Displays the actions that can be performed on the incident. The possible actions are: Assign to me, Edit Incident, and Close Incident. |
Operations
This table lists the operations that can be performed in the Summary view.
Assign to Me | Allows you to assign the incident to yourself. This option is available in the All Incidents view. |
Edit Incident | Allows you to modify an incident. |
Close Incident | Allows you to close an incident. |
Delete | Allows you to delete an incident. |
Report a Data Breach | Allows you to report whether there is a data breach. This is visible only if you have configured data breach support in the Integration Settings. |
My Incidents Tab
This tab is visible only when there are incidents assigned to you. This figure is an example of the My Incidents tab.
The options panel has parameters that can be used to filter incidents. The filter parameters you choose to filter the incident queue are persisted and retained when you navigate away from the present view to switch between tabs, sessions, or when you navigate to the incident details screen. The Reset Selection option enables you to reset the filter options to the default value.
TIME RANGE | Select a time range to view incidents in that time range. For example: select Last 24 Hours to view incidents created in the last 24 hours; select All Data to view all the incidents created; select Custom and provide a date range to view incidents created in that time frame. |
PRIORITY | Indicates the number of incidents at each priority. For example: Critical (18) indicates there are 18 incidents with priority set to Critical. Selecting one of the displayed options filters the incidents and displays only those with the selected priority. For example: if you select Critical (18), the Incident panel displays only the 18 incidents with a priority set to Critical. |
STATUS | Indicates the incidents categorized by their status. For example: Assigned (2) indicates there are 2 incidents that are in the Assigned state. Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category. For example: if you select Assigned (2), the Incident panel displays only the 2 incidents that are in the Assigned state. |
CATEGORY TAGS | Indicates the number of incidents belonging to a particular category. For example: Malware (5) indicates there are 5 incidents belonging to the Malware category. Selecting one of the displayed options filters the incidents and displays only the incidents belonging to the selected category. For example: if you select Malware (5), the Incident panel displays only the 5 incidents that belong to the Malware category. |
LINKED REMEDIATION | Indicates the incidents categorized by whether or not they have remediation tasks. For example: Yes (5) indicates there are 5 incidents that have remediation tasks. No (3) indicates there are 3 incidents that have no remediation tasks. Selecting one of the displayed options filters the incidents and displays only the incidents matching the chosen option. For example: if you select Yes (5), the Incident panel displays only the 5 incidents that have remediation tasks. |
BREACH TAGS | Displays the breach tag associated with the incident. |
Reset Selection | Select this to reset the filter options to the default value. |
At the top of the Incident panel is a graphical representation of the incidents assigned to you. The graph displays a trend by priority, with one line per priority. The graphical representation is based on the filter chosen. You can highlight the required line per priority by disabling the other priority options in the box on the right-hand side of the graph.
The lower part has a list of incidents assigned to you and their details displayed as per the filter chosen.
You can accomplish the following operations from the My Incidents view:
- Edit an Incident
- Close an Incident
- Delete an Incident
- Report a Data Breach