Incident Details

Shows the details of the incident report.

Incident details contain five tabs:

1. Timeline

2. Detections

3. Computers

4. Executables

5. Processes

Timeline

Shows information about Incident changes.

The upper part shows the Status, Severity, Assigned user, and the number of Detections, Executables, Computers, and Processes, as well as Tags, if any were added to the report.

When you click an object in the Timeline, the details related to that object are displayed in the Details tab on the right side. Use the Details button to open the object's details page; the page differs depending on the object type (computer, detection, process).

Based on the type of a selected object, two additional tabs are available on the right side:

Process Tree—if the object selected in the Timeline is a process, the process tree related to this process is shown

Related objects—if available, objects related to the object selected in the Timeline are shown

At the bottom, these buttons are available:

Incident_Comment adds a comment into the Timeline. It is possible to Edit or Delete the comment

Incident_Edit enables the user to edit the incident report

Incident_Assign allows the user to change the assignee of the report

Incident_Status enables the user to change the status of the report

Detections

If the report contains any detections, the list of these detections is shown in this tab.

It contains the same options for working with detections as the Detections tab, except for an Incident_Remove button, which allows the user to remove the selected detections from the report.

Computers

If the report contains any computers, the list of these computers is shown in this tab.

It contains the same options for working with computers as the Computers tab, except for an Incident_Remove button, which allows the user to remove the selected computers from the report.

Executables

If the report contains any executables, the list of these executables is shown in this tab.

It contains the same options for working with executables as the Executables tab, except for an Incident_Remove button, which allows the user to remove the selected executables from the report.

Processes

If the report contains any processes, the list of these processes is shown in this tab.

Incident_Remove allows the user to remove selected processes from the report

Tags

Tagging is an additional form of filtering that can connect multiple objects through multiple views (computer, executable, event filter, etc.). If available, the tag icon Tag_Panel is on the left side, next to the name of the view. In the Computers view, the tag panel can be accessed by clicking the Three_dots icon. In the opened tag panel, all created tags are listed and ready to use. If the list of tags is too long, you can use the magnifying glass to search for a specific tag. At the top of the screen, the TAGS selector can be used to select the desired tags. If available, the user can also use the TAGS button located at the bottom of the screen among the action buttons.

Additional filters

The additional filters are accessible by clicking the ADD FILTER button or by clicking the space next to the ADD FILTER button, which shows the list of available filters. The user can search for a filter by typing its name or select one from the list. For the definitions of the additional filters, follow here.

Some of the filters have a funnel icon next to them with two or four possible predefined options:

Unknown—the value in the filtered column is not available (probably not a known value at the time of occurrence)

Known—the value is available

None—value is an empty string

Any—the value is not empty. The negation of the None filter

If present on the screen, you can refresh the table by clicking the refresh icon Alarms_Refresh. If available, the export icon Export_CSV can be used to export the table grid to CSV format so that the list can be used in other applications.

If present, click the PRESETS button to manage filter sets. These options are available:

Save filters—allows you to save the current filter set. Select the check box Include the visible columns and sorting to also save these settings with your selection; a saved filter loaded without this option selected shows the default column setting

Reset filters—resets the active filter and returns to the default filter setting with the default column setting

Reset view—resets the active view without resetting the filter set

Manage—allows you to manage your filter sets

Save Filters as Rule—if available, allows you to save the filter as a rule. You can then find it in the list of rules under the Detection rules sub-tab of the admin tab

Columns

Columns can be reorganized by using the Columns_Move icon that appears on the right side of the column name when you hover the mouse over the column name.

The width of a column can be resized using the Column_Resize icon that appears on the left side of the column name when you hover the mouse over the column name.

The sort order of a column can be changed by clicking the name of the column:

Default (No icon)

Ascending Column_Ascending

Descending Column_Descending

You can change which columns are displayed by clicking the gear icon and selecting the Select column option, or you can reset the view to default by clicking the Reset columns option. In the Enter quick search pattern field, you can search for a column by typing its name or a couple of letters from it, which is useful if the list of columns is long. For the definitions of the columns, follow here.