- Log in to the LogRhythm NDR UI.
- Click the Incidents tab.
  The Incidents page appears.
- Select the timestamp for the incident you want to investigate.
  The Incidents / Details page appears, displaying the following:
  - summary of the incident details
  - severity
  - case score
  - host and source details:
    - source IP
    - destination IP
    - source host
    - destination host
  - timeline graph (showing the number of IOAs, grouped by event trigger, for every entry origin from which the logs are generated)
- To display all the anomaly events, scroll down to the Highlights tab.
- To display all logs and events related to this particular incident, click the Highlights tab and toggle to All.
- To display all the information (such as networkinfo, source and destination IPs, and payload) for an event, click the + icon next to that event.