Incidents

An incident is a set of events that requires attention (for example, a possible attack). Incidents centralize the data and typically comprise a correlated event, the associated events that triggered a correlation rule, asset details of the affected systems, the vulnerability state of the affected systems, and any remediation information, if known. Incidents can be associated with a remediation workflow in iTRAC, if specified. Associating an incident with an iTRAC workflow allows users to track the remediation state of the incident.

In the Incidents Tab, you may: