Incidents Executions

The Executions page shows the details of alert executions related to the incident.

For more information, see Prevention Center > Executions.

To view the Executions page:

  1. Access Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) and click Incidents.

  2. Click the incident title or hover over the incident and click >.

  3. Click Executions.

The Executions table shows:

Item      Description

Time      Date and time when the execution was performed.

User      User who performed the execution.

Type      Type of execution:

  • Triage - Involves handling of alerts, such as creating alerts or correlating them with existing incidents.

  • Prevention - Involves prevention actions taken by Infinity XDR/XPR in response to alerts, such as creating an IoC.

Mode      Mode of execution:

  • Automatic - Executed automatically by Infinity XDR/XPR.

  • Manual - Executed manually by a user.

Action    Action taken on the alert.

Details   Details about the execution, such as Insight (an aggregation of one or more logs into valuable observations indicating the nature of the activity) ID or indicator value.

Status    Status of the execution:

  • Created

  • Completed

  • Failed

To view the executions during a specific time period, select the required option from the list at the top.

To export the Executions table data to a CSV file, click Export to CSV.

To search, in the Search field, enter the string and click the icon.

To filter the Executions table:

  1. Click the icon and then click Add filter.

  2. Enter the Field, Operator and Value and then click Save.