Skip to main content
Skip table of contents


View Incidents

To view an incident:

  1. At the top of the  LogRhythm NDR UI page, click Incidents.
    The Incident list appears.

  2. To sort a column in the Incident list, click AZ (ascending sort) or ZA (descending sort) next to the column name.
  3. To apply a filter to the Incident list, enter your search parameters into the search box using Lucene search syntax.
  4. To view the details of a specific incident, click the timestamp.

Incident Page Widgets

SummaryHeadline of the incident that includes the essential details.
RecommendationGeneral recommendation for incident response.
Impacted Entities

Lists affected users, hosts, and resources.

TimelineVisually displays indicators of attack over time.

Lists the indicators of attack that contributed to the incident.

Click More to view an expanded list that includes log data.

SessionDisplays application-level information about the session that caused the incident (for example, metadata for HTTP headers).
Related SessionsDisplays sessions that might be related to the incident (for example, DNS transactions that occurred before or after the incident).
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.