Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Expanded incident analysis page

The incident analysis page has been expanded and redesigned to integrate with SOC playbooks and accommodate more evidence and notes for SOC analysis.

The expanded incident analysis page includes the following new and enhanced features:

  • The incident headline bar provides basic information about the incident.
    • Basic information includes severity, incident number, incident description, category, assigned to, and incident create/modify time.
    • Click Edit to edit the incident information.
    • Click Refresh to update all incident information, including executed playbooks, audit history, and retrieved endpoint information. All incident analysis page content is updated.

  • The incident analysis page provides more information about affected endpoints.

  • The incident analysis page provides automation (playbook) execution from within incidents.
  • Incident timelines show the timeline of events added to the incident.
  • Multiple incident attachments are supported and can be viewed from the attachment area.
    • Comments
    • Events
    • Reports

  • Incident audit history shows the history of changes to the incident. Click the toggle icon in the top-right corner to hide/display the audit history panel.

Expanded incident analysis page

The incident analysis page has been expanded and redesigned to integrate with SOC playbooks and accommodate more evidence and notes for SOC analysis.

The expanded incident analysis page includes the following new and enhanced features:

  • The incident headline bar provides basic information about the incident.
    • Basic information includes severity, incident number, incident description, category, assigned to, and incident create/modify time.
    • Click Edit to edit the incident information.
    • Click Refresh to update all incident information, including executed playbooks, audit history, and retrieved endpoint information. All incident analysis page content is updated.

  • The incident analysis page provides more information about affected endpoints.

  • The incident analysis page provides automation (playbook) execution from within incidents.
  • Incident timelines show the timeline of events added to the incident.
  • Multiple incident attachments are supported and can be viewed from the attachment area.
    • Comments
    • Events
    • Reports

  • Incident audit history shows the history of changes to the incident. Click the toggle icon in the top-right corner to hide/display the audit history panel.