Investigate an incident

1. Log in to the LogRhythm NDR UI.
2. Click the Incidents tab.
   The Incidents page appears.
3. Select the timestamp for the incident you want to investigate.
   The Incidents / Details page appears, displaying the following:
   
   • summary of the incident details
   • severity
   • case score
   • host and source details:
     • source IP
     • destination IP
     • source host
     • destination host
   • timeline graph (showing the number of IOAs grouped based on the event trigger for every entry origin from where the logs are generated)
4. To display all the anomaly events, scroll down to the Highlights tab. 
5. To display all logs and events related to this particular incident, click the Highlights tab and toggle to All. 
6. To display all the information (such as networkinfo, source and destination IPs, and payload) for an event, click the + icon next to that event.  

×