ESET Online Help


Incidents


Note: The Incidents section will be released gradually in the upcoming weeks.

Incidents correlate related detections into a single incident, which significantly improves threat investigations. You do not need to go through many individual detections, because incidents are created automatically from them, which significantly reduces the time needed for alert triage.


Important: This section is available only to users without ESET Inspect.

In the Incidents section, you can find a list of incidents automatically created from Detections based on pre-defined rules.

Filtering the view

There are different ways to filter your view:

You can filter by the Tags selector (arrow icon) and choose one or more tags to activate the filter on the listed incidents. The results then contain only incidents with the selected tags (highlighted in blue).

You can filter by Incident severity: High, Medium or Low. You can combine these icons by turning them on or off.

You can filter by Incident status: Open, In progress or Closed.

Click Add Filter and use the drop-down menu to select the types of incidents to be displayed:

o Assignee—type the name of an assignee.

o Creation time—select from the drop-down menu: < 24h, ≥ 24h ago, ≥ 3 days ago, ≥ 7 days ago, ≥ 14 days ago, ≥ A month ago, ≥ 3 months ago, ≥ 6 months ago or ≥ A year ago.

o Last update—select from the drop-down menu: < 24h, ≥ 24h ago, ≥ 3 days ago, ≥ 7 days ago, ≥ 14 days ago, ≥ A month ago, ≥ 3 months ago, ≥ 6 months ago or ≥ A year ago.

o Name—type the name of the incident.

o Number of computers—type the number of selected computers.

o Number of detections—type the number of selected detections.

Filters and layout customization

You can customize the current Web Console screen view:

Manage the side panel and main table.

Add filters and filter presets. You can use tags for filtering the displayed items.


Note: If you cannot find a specific incident in the list and know it is in your ESET PROTECT infrastructure, ensure that all filters are turned off and permission sets are assigned to your user account.

Incident details

Click the Actions button or select any incident and click the three dots button to:

View Details—to display an overview of the incident.

Overview—provides the following information:

o Quick details—incident details are displayed in the main section.

o Company impact—the number of affected Computers. Click the number to go to the related page.

o Comments—you can Add comment for the incident. Click View all comments to display all created comments. You can Edit comment, Pin comment or Delete comment.

o Description—explanation of the incident.

o Recommended steps—steps to follow to initiate the incident response process.

Detections—list of detections. You can click the three dots button to View Details.

Affected Computers—list of affected computers.

Incident Timeline—timeline with a brief history of incidents, from the triggering event until closing the incident.

Click the Respond button to select the affected objects and set up the response actions for them. You can select the response action (Isolate, Log out user, Reboot, Scan & Clean) and click Confirm.

Change Status & Assignee—click to select Status and Assignee from the drop-down menu. Click Save.

Tags—click to select tags from the drop-down menu and click Apply. Alternatively, type a new keyword and press Enter to create a new tag.