Inopli Documentation

Incidents


Last updated 1 year ago

Incidents are created from events that, after processing, generate alerts; each incident is linked to the specific correlation rule(s) that produced those alerts. The initial dashboard shows a graph of the incidents opened in the last 24 hours broken down by severity, a general overview of incident status, and a paginated incident list.

Users can filter incidents by severity, responsible analyst, status, creation date or update date, or search by incident name or ID. The default view applies no filters and no user-chosen sort order; it shows every incident in the priority order described below, so the most urgent ones appear first.

The list is prioritized in three tiers: incidents with status NEW are shown first, ordered by shortest remaining SLA time; then incidents that have had interactions with the MSS/Company; and finally the rest, ordered by ID in descending order.

A color palette indicates special situations:

  • Red: SLA exceeded.

  • Yellow: less than one hour of SLA time remaining (about to be exceeded).

  • Green: the incident has a new, unread interaction.


Key columns in the dashboard:

  • SLA: The response time agreed with the client; the clock stops counting when the incident is addressed.

  • Severity: Ranges from INFO to CRITICAL and is inherited from the parent correlation rule.

  • Status: The stage of resolution: active, pending, under treatment or closed.

  • Rate: The average user feedback score for the incident, computed from several parameters (see the Rate page).
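The table order, the SLA clock and the colour palette above are easiest to understand as one small model. The following is an added example written for this page, not Inopli's own code: the Incident class, its field names, the one-hour escalation cut and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed example: models the Incidents list ordering, the SLA clock and
# the colour palette described on this page. Field names, the Incident class
# and the sample data are assumptions, not Inopli's real schema or API.


@dataclass
class Incident:
    id: int
    status: str            # e.g. "NEW", "ACTIVE", "PENDING", "CLOSED"
    severity: str          # INFO .. CRITICAL, inherited from the parent rule
    created_at: datetime
    sla: timedelta         # response time agreed with the client
    addressed_at: Optional[datetime] = None  # when set, the SLA clock stops
    has_interaction: bool = False    # MSS/Company has interacted on it
    unread_interaction: bool = False  # a new interaction nobody has read yet


def sla_remaining(inc: Incident, now: datetime) -> timedelta:
    """Time left on the SLA; negative once the SLA has been exceeded.

    The clock stops at addressed_at, so an addressed incident keeps the
    remaining time it had at that moment.
    """
    clock_end = inc.addressed_at if inc.addressed_at is not None else now
    return inc.created_at + inc.sla - clock_end


def colour(inc: Incident, now: datetime) -> Optional[str]:
    """Palette from the page: red beats yellow beats green; None = no marker."""
    remaining = sla_remaining(inc, now)
    if remaining < timedelta(0):
        return "red"           # SLA exceeded
    if remaining <= timedelta(hours=1):
        return "yellow"        # about to be exceeded
    if inc.unread_interaction:
        return "green"         # new unread interaction
    return None


def sort_key(inc: Incident, now: datetime):
    """Three tiers, as described for the incident table order.

    Tier 0: NEW incidents, shortest remaining SLA first.
    Tier 1: incidents with MSS/Company interactions.
    Tier 2: everything else, ID descending.
    Ties inside a tier fall back to ID descending (an assumption; the page
    only specifies that for the last tier).
    """
    if inc.status == "NEW":
        return (0, sla_remaining(inc, now).total_seconds(), -inc.id)
    if inc.has_interaction:
        return (1, 0.0, -inc.id)
    return (2, 0.0, -inc.id)


def prioritize(incidents, now: datetime):
    """Return incident IDs in dashboard order."""
    return [i.id for i in sorted(incidents, key=lambda i: sort_key(i, now))]


def escalate(inc: Incident, cut: timedelta = timedelta(hours=1)) -> Incident:
    """'Escalate Incident' shortens the SLA so the incident climbs the list.
    The amount cut is an assumption; the page does not state it."""
    inc.sla = max(timedelta(0), inc.sla - cut)
    return inc


# Constructed sample data.
NOW = datetime(2024, 1, 1, 12, 0)
H = timedelta(hours=1)
SAMPLE = [
    Incident(1, "NEW", "HIGH", NOW - 3 * H, 4 * H),        # 1h left -> yellow
    Incident(2, "NEW", "CRITICAL", NOW - 5 * H, 4 * H),    # -1h -> red
    Incident(3, "ACTIVE", "MEDIUM", NOW - 2 * H, 8 * H,
             addressed_at=NOW - H, has_interaction=True,
             unread_interaction=True),                      # clock stopped at 7h -> green
    Incident(4, "PENDING", "LOW", NOW - H, 8 * H),         # 7h left, no marker
    Incident(5, "CLOSED", "INFO", NOW - 10 * H, 8 * H,
             addressed_at=NOW - 5 * H),                     # clock stopped with 3h left
]

if __name__ == "__main__":
    for inc in sorted(SAMPLE, key=lambda i: sort_key(i, NOW)):
        print(inc.id, inc.status, sla_remaining(inc, NOW), colour(inc, NOW))
```

Running it lists incident 2 (NEW, SLA already exceeded) first, then 1 (NEW, one hour left), then 3 (has an interaction), and finally 5 and 4 by descending ID. Note that incident 5 stays out of the red band even though ten hours have passed, because its clock stopped when it was addressed.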


Available actions in the dashboard:

  • Escalate Incident: Moves the incident up the list by shortening its remaining SLA time.


Incident Details

Shows key information, links, the message history and the activities related to the incident, and allows its parameters to be changed individually or in bulk.


The detail view is organized into tabs:

  • Alerts: Displays all the alerts that led to the incident.

  • Messages: Allows analysts to follow and participate in the resolution process, sending messages and files; it also includes system messages about changes to the incident.

  • Rate: Displays the feedback given for each analyst involved.

  • History, Playbooks and Rules: described on their own pages.

[Figure: Overview Incidents Dashboard]
[Figure: Incident Table Order]
[Figure: Incident Details]