To view an incident:
At the top of the LogRhythm NDR UI page, click Incidents.
The Incident list appears.
- To sort a column in the Incident list, click AZ (ascending sort) or ZA (descending sort) next to the column name.
- To apply a filter to the Incident list, enter your search parameters into the search box using Lucene search syntax.
- To view the details of a specific incident, click the timestamp.
Incident Page Widgets
| Widget | Description |
|---|---|
| Summary | Headline of the incident that includes the essential details. |
| Recommendation | General recommendation for incident response. |
| | Lists affected users, hosts, and resources. |
| Timeline | Visually displays indicators of attack over time. |
| | Lists the indicators of attack that contributed to the incident. Click More to view an expanded list that includes log data. |
| Session | Displays application-level information about the session that caused the incident (for example, metadata for HTTP headers). |
| Related Sessions | Displays sessions that might be related to the incident (for example, DNS transactions that occurred before or after the incident). |