Security Incident Overview section
The Overview section on the workspace presents the key information associated with the security incident.
The donut charts support drill-down: when an analyst selects a chart item, the workspace navigates to the respective record and shows a filtered list view of items within the corresponding tab. For example, selecting Malicious Observables opens the Related Records tab with a list view filtered to malicious observables.
The Overview section displays the following:
- Description of the security incident.
- Business impact details such as the configuration items by asset type and affected users by criticality - whether VIP users or other users.
- Threat intelligence items such as observables by finding, whether the observables are malicious or unknown, and by type.
- Response Tasks by state and assignment group.
- Related security incidents comprising child security incidents by state - whether open or closed, and similar security incidents by state - whether open or closed.
- The Resolution section, which is displayed within the Overview section when an incident moves to the Review state, with the ability to view the post incident review.
- Resolution - view post incident review: Select the link to navigate to the post incident review page.
- After the incident is closed, the Resolution section displays the resolution code, resolution notes, and resolved by (user) along with the post incident review details.