Incident events results

When you click an incident, the incident events and entities are displayed. Click on
to show the events associated with the incident:
The default view displays the event time, event type ID, a short description, and the name of the device sourcing the event. Use the column selector to add or remove columns as desired.
Columns that can be sorted show an arrow next to the column name.
Note the following:
  • All dates are referenced to your local date.
  • Null or empty fields are indicated with a long dash (—).
Incident details
Each row can be expanded to show additional details:
In the details, you can easily filter for a value, or filter out a value. Hover over an event field to display a + icon and a - icon. Click the + icon to filter for a value; click the - icon to filter out a value.
Incident artifacts and detections are linked to pages that contain additional information.
Binary Unicode characters are interpreted by the browser that is used to access the product console. As a result, Registry values that contain Unicode characters can display as non-readable characters. To avoid this situation, copy and paste the "UI Displayed value" when searching.