View Incidents
To view an incident:
- At the top of the LogRhythm NDR UI page, click Incidents.
  The Incident list appears.
- To sort a column in the Incident list, click AZ (ascending sort) or ZA (descending sort) next to the column name.
- To apply a filter to the Incident list, enter your search parameters into the search box using Lucene search syntax.
- To view the details of a specific incident, click the timestamp.
Incident Page Widgets
| Widget | Description |
|---|---|
| Summary | Headline of the incident that includes the essential details. |
| Recommendation | General recommendation for incident response. |
| Impacted Entities | Lists affected users, hosts, and resources. |
| Timeline | Visually displays indicators of attack over time. |
| Activity | Lists the indicators of attack that contributed to the incident. Click More to view an expanded list that includes log data. |
| Session | Displays application-level information about the session that caused the incident (for example, metadata for HTTP headers). |
| Related Sessions | Displays sessions that might be related to the incident (for example, DNS transactions that occurred before or after the incident). |