Incidents summary view

The incidents summary view shows all incidents created for endpoints in your account. The default view lists the open state incidents that are filtered and displayed with the ID, Description, Last Updated, Priority, Detection Type, Endpoint count, and Comments. Click on the time stamp to view the details of the event. Following actions are available from the action menu:
  • Comment
    Lets you add comment to an incident.
  • Close
    Lets you close an incident.
You can select more than one incident to perform an action on the incidents simultaneously.
The column selector lets you add and remove columns.
Some columns can be sorted; an arrow appears next to the columns that support sorting:
When you click on a row, a details panel slides out:
This panel provides the following:
  • A high-level overview of the incident.
  • MITRE ATT&CK detections including the tactic(s) and technique(s) used in the incident. See:
  • Incident visualization. A graphic representation of the incident that shows the relationships of events and incidents. See:
  • Incident Lineage. See:
  • A searchable view of the events and entities involved with the incident. You can drill down through events and entities by expanding the rows. See:
You can create and record comments on the incident while investigation is in progress, and then close the incident once the incident has been resolved.
More information