The Incidents tab shows a grid with the following details.
- Incident ID - The ID of the incident. Click on this link to view the incident details.
- Title - The ticket title.
- Severity - Severity of the incident.
- Type - The incident type.
- Detected Date - Date the incident was first observed.
- Submitter - Name of the person who recorded the incident.
- Awaiting Action By - Name of the person with pending action.
- Status - Current status of the workflow associated with the incident.
- Risk - Severity of the risk.
Click New to create a new incident
Select an incident and click:
- Assign to associate an existing incident with the selected threat.
- Remove to disassociate an incident from the threat.
Select an incident to view the Incident Details window.
Select the Threats tab to view a list of threats arising from the incident. Threats must be manually assigned to incidents.
The Threat Details page includes the following information:
- Source - Threat feed provider.
- Identifier - ID assigned by threat intelligence provider.
- Title - Descriptive name of the threat intelligence.
- Threat Type - The type of threat.
- Risk - The severity of risk from the threat.
- Status - The current status of the threat incident.
- Owner - The owner responsible for taking action on the threat incident.
- Last Updated - The date when the threat incident was last updated.