Updated on 2024-06-07 GMT+08:00

Viewing Incidents

Scenario

The incident list shows incident statistics for the last 360 days. It contains the incident name, type, severity, and occurrence time. By customizing filter conditions, such as the incident name, risk severity, and time, you can quickly query information about a specific incident.

This topic describes how to view incident information.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Threat Operations > Incidents.

    Figure 2 Incidents

  5. On the Incidents page, view incident details.

    Figure 3 Viewing an Incident
    Table 1 Viewing an Incident

    Parameter

    Description

    Unhandled Incidents

    This area displays the number of incidents that are not handled within the specified time range in the current workspace. The unhandled incidents are displayed by severity.

    Auto (Incidents Handled Automatically)

    This area displays the number of incidents that are handled automatically by playbooks within the specified time range in the current workspace.

    Manual Incident (Incidents Handled Manually)

    This area displays the number of incidents that are handled manually within the specified time range in the current workspace.

    Incidents Number (Incidents)

    This area displays the number of incidents that are reported within the specified time range in the current workspace.

    Incident list

    The list displays more details about each incident.

    You can view the total number of incidents below the incident list. You can view a maximum of 10,000 incident records page by page. To view more than 10,000 records, optimize the filter criteria.

    In the incident list, you can view the incident name, severity, source, and status. To obtain an overview of an incident, click the incident name. The incident overview panel is displayed on the right.

    • On the Incident Overview panel, you can view incident handling suggestions, basic information, and associated information (including associated threat indicators, alerts, incidents, and attack information).
    • To view incident details, click Incident Details in the lower right corner of the incident overview panel. The incident details page is displayed.

      On the details page, you can view the incident timeline and attack information in addition to the information on the overview page. For example, you can view the first occurrence time of an incident, detection time, and attack process ID.

    • On the incident overview or details page, you can change the incident severity and status in the corresponding drop-down list boxes.
    • On the incident overview or details page, you can associate or disassociate alerts, incidents, and indicators and view information about affected resources.