
Hunt Incident with Side-by-Side Viewing

  1. Log in to the LogRhythm NDR UI.
  2. Click the Incidents tab.
    The Incidents page appears.
  3. Click the timestamp for any incident. 
    The Incident / Details page appears, displaying the Incident detail.

Incident Detail

  1. To display host details, click the Host icon. To display user details, click the User icon. 
    A dialog box appears that displays the host or user details. 
  2. In the upper-right corner of the dialog box, click the X icon to close the host or user detail.
  3. To display incident events, scroll down to the Activity section. 
    Events in the Activity section display in the graph and also in a table below the graph.

    By default, the table displays ten (10) events. If the incident contains more than ten (10) events, pagination navigation appears in the lower-left corner.
  4. To display more detailed information for a related event, click the + icon for that event.
    A dialog box appears below the related event. The dialog box contains three tabs: Details, JSON, and Related Logs. 

  5. Below the diagram in the Details tab, click and hold the horizontal bar to scroll left and right.

  6. To display the event information in JSON format, click the JSON tab. 
  7. In the JSON tab, click the arrow icons to expand or collapse fields. 

  8. To display the related logs for the event with the date included, click the Related Logs tab.
  9. On the right side of each related log, click JSON to display it in JSON format.
    The Log details dialog box appears.
  10. In the upper-right corner of the dialog box, click the X icon to close the log details.

Hunt / Activity 

  1. In the upper-right corner of the page, click the blue i icon to open the Hunt / Activity window.
    The Hunt / Activity window appears on the right side of the page. It displays logs collected during a specified time range.

    To adjust the width of the Hunt / Activity window, select and drag the window borders left or right.
  2. In the upper-right corner of the Hunt / Activity window, click the arrow next to the specified time range to change the range.

  3. To display more detailed information for a related event, click the + icon for that event.
    A dialog box appears below the related event. The dialog box contains two tabs: Details and JSON. 

  4. Below the diagram in the Details tab, click and hold the horizontal bar to scroll left and right.

  5. To display the event information in JSON format, click the JSON tab. 
  6. In the JSON tab, click the arrow icons to expand or collapse fields. 

  7. To display events related to a specific host or user listed in the Incident detail window, copy the Host ID or User ID and paste it into the Hunt / Activity search bar. 

    If events do not display, you may need to change the time range.