Incidents
An incident is a collection of events from one or more products that together represent an attack story. Infinity XDR
Extended Detection & Response/XPR Extended Prevention & Response utilizes ThreatCloud's Artificial Intelligence (AI) and applies Machine Learning (ML) models to correlate between the events from on-boarded products (both benign and security events) into unified incidents. The incident's priority level is calculated based on the artifacts of the incident, including the confidence and severity levels of the detection. Incidents are actionable with prevention steps that can be taken within the Infinity XDR/XPR application.
The Incidents page shows the list of incidents and its details that includes:
-
Insights that triggered the incident and its timeline
-
Impacted assets and users
-
Indicators
-
Prevention history and recommended prevention actions. You can automate some of these actions. For more information, see Automations.
To view the Incidents page, access Infinity XDR/XPR and click Incidents > Incidents.
|
Legend |
Item |
Description |
||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
1 |
Time span |
Select the duration for which you want to view the incidents.
|
||||||||||||||||||||||||||
|
2 |
Sort by |
Select a criterion to sort the incidents.
|
||||||||||||||||||||||||||
|
3 |
Assign |
Assign a security expert to address the incident. |
||||||||||||||||||||||||||
|
4 |
Change the status of the incident.
|
|||||||||||||||||||||||||||
|
5 |
Follow up |
Indicates that the incident requires a follow-up.
|
||||||||||||||||||||||||||
|
6 |
Search |
Search for the an asset, incident or a user. |
||||||||||||||||||||||||||
|
7 |
Select all |
Select or clear all incidents. |
||||||||||||||||||||||||||
|
8 |
Filters |
Filter the incidents by:
|
||||||||||||||||||||||||||
|
9 |
|
Allows you to filter the incident list. To add a new filter:
You can filter the incidents by:
|
||||||||||||||||||||||||||
|
10 |
Incident |
Shows incident details.
|
||||||||||||||||||||||||||
|
11 |
|
Opens the incident Incidents - Overview page in a new tab. |
||||||||||||||||||||||||||
|
12 |
Prevented |
Shows that the incident is prevented without human intervention. |
||||||||||||||||||||||||||
|
13 |
Confidence |
Confidence level of the detection:
|
||||||||||||||||||||||||||
|
14 |
Severity |
Priority of the incident:
|
||||||||||||||||||||||||||
|
15 |
Source |
The source of the events correlated into the incident.
|
||||||||||||||||||||||||||
|
16 |
MITRE ATT&CK |
MITRE ATT&CK tactics and techniques involved in the incident. The numbers represent the number of insights related to each tactic. Opens the Incidents - Insights & Forensics page that shows the related insights. |
||||||||||||||||||||||||||
|
17 |
Top Insights |
Top insights for the incident. |
||||||||||||||||||||||||||
|
18 |
Prevention |
Lists prevention actions taken and those that are recommended to be taken. |
||||||||||||||||||||||||||
|
19 |
Insights Timeline |
Shows the timeline of insights and the duration between the first and the last insight. |
||||||||||||||||||||||||||
|
20 |
Comments |
Shows the comments added for the incident. Click |
Add filter
to add a comment.