Cyware Fusion and Threat Response

Manage Incidents

To view the list of incidents that are added in Respond, go to Menu > Incidents. By default, Respond displays the list of incidents that are in Open state in a List view. To manage the list of incidents, you can perform the following activities:

  • Search and filter incidents based on their creation date, status, assigned group or user, labels, and more. Additionally, you can filter incidents based on their resolution status, such as Open, Closed, Merged, Untriaged, and Merged and Closed.

  • Reorder the incidents based on the ascending or descending order of the incident titles.

  • Sort the incidents based on the following criteria:

    • Relevance: Sorts incidents based on the search text entered.

    • Detection Date: Sorts incidents based on the date on which the incidents were detected.

    • Incident Date: Sorts incidents based on the date on which the incidents occurred.

    • Last Updated (Default): Sorts incidents based on the last modified date.

    • Date Created: Sorts incidents based on their creation date.

  • View the incidents in the following view types:

    • Table: View incidents in a tabular format.

    • List: View incidents in a list format.

    • Phase: View incidents as per the phase of the selected incident workflow.

    • Severity: View incidents based on the severity.

    • Devices: View incidents based on the impacted devices.

    • Users: View incidents based on the impacted users.

    • Map: View incidents on the world map based on the impacted locations.

  • Customize columns in the table view of incidents. In addition to the default columns, you can add up to 15 custom fields by clicking Customize Table and selecting fields from the list of custom fields.

    Note

    You cannot use text area fields as custom columns.

  • View incident statistics to get insights. To view the statistics, click Statistics.

  • View the activity logs of an incident to keep track of all the updates. This helps you trace the incident updates during incident retrospection.

  • Click Export to export all incidents displayed on the page.

  • Refresh the incidents list to view the latest data. To refresh the incident list, on the top-right corner, click More > Refresh.

  • View the incident list in full-screen mode. To view the incident list in full-screen mode, on the top-right corner, click More > Full Screen.

For more information on managing the incident listing page, see Manage Module Listings.

Bulk Operations

To perform bulk operations, go to Menu > Incidents, select the incidents that you want to update, and then choose the bulk operation you want to perform.

You can perform the following bulk operations in the incident listing page:

  • Assign Group/User: Update the user group or user for the selected incidents.

  • Update Status: Update the status of the selected incidents.

    Note

    When closing multiple incidents simultaneously, you can select the Close all actions and PIRs associated with the Incidents option to close all related actions and PIRs along with the incidents.

    This feature is available in Respond v3.4.3 onwards.

  • Add Action: Add an action to the selected incidents.

  • Add Note: Add a note to the selected incidents.

  • Add label: Add a label to the selected incidents.

  • Pause: Starting from Respond v3.4.2, you can pause selected incidents. The time tracking of these incidents will also be paused.

    Note

    You can only pause incidents for which you have permission. Untriaged incidents cannot be paused.

  • Delete: Delete the selected incidents. Only incidents in untriaged status can be deleted.