Incidents
View Incidents
To view an incident:
At the top of the LogRhythm NDR UI page, click Incidents.
The Incident list appears.
- To sort a column in the Incident list, click AZ (ascending sort) or ZA (descending sort) next to the column name.
- To apply a filter to the Incident list, enter your search parameters into the search box using Lucene search syntax.
- To view the details of a specific incident, click the timestamp.
Incident Page Widgets
Widget | Description |
---|---|
Summary | Headline of the incident that includes the essential details. |
Recommendation | General recommendation for incident response. |
Impacted Entities | Lists affected users, hosts, and resources. |
Timeline | Visually displays indicators of attack over time. |
Activity | Lists the indicators of attack that contributed to the incident. Click More to view an expanded list that includes log data. |
Session | Displays application-level information about the session that caused the incident (for example, metadata for HTTP headers). |
Related Sessions | Displays sessions that might be related to the incident (for example, DNS transactions that occurred before or after the incident). |