Incidents
Last updated
Last updated
The incidents reflect events that, after being processed, generate alerts and are linked to specific correlation rules. In the initial dashboard, a graph displays the incidents opened in the last 24 hours by severity, as well as a general overview of the incident status and a paginated list.
Users can filter incidents by severity, responsible analyst, status, creation date, update date, or search by the name or ID of the incident. The default view lists urgent incidents in an optimized manner, without predefined filters or sort orders.
The prioritization in the list follows a standard: incidents with 'NEW' status and the shortest remaining SLA time are shown first, followed by those that had interactions with Mss/Company, and finally, the rest are listed by ID in descending order.
A color palette indicates special situations:
Red: SLA exceeded.
Yellow: SLA 1 hour about to be exceeded.
Green: Incident with a new unread interaction.
SLA: The time agreed with the client, which stops counting when the incident is addressed.
Severity: Organized from INFO to CRITICAL, according to the parent correlation rule.
Status: Indicates the stage of resolution, varying from active, pending, under treatment, and closed.
Rate: The average user feedback, based on various parameters.
Escalate Incident: Increases the incident's priority in the list, reducing the SLA.
Alerts: Displays all the alerts that led to the incident.
Messages: Allows analysts to follow and participate in the resolution process, sending messages and files, and includes system messages about changes in the incident.
Rate: Displays feedback for each analyst involved.
Presents important information, links, message history, and activities related to the incident, allowing individual or mass changes in various parameters.