Incidents represent the alarms you receive from your SIEM product. Logs reaching your SIEM product turn into alarms within the framework of certain rules. These alarms reach Logsign SOAR as incidents, and these incidents are processed by playbooks and bots. The management of incidents takes place through cases.
- The "Incidents" menu can be accessed from the Logsign SOAR top menu.
- The most recent incidents are listed on the welcome screen.
- Filtering by parameters can be done with the search box. (* means all incidents.)
- Filtering by columns can be done from the "SEARCH FILTERS" section on the left.
- In the section under the search bar, you can see the percentages of all events (Open, Solved, etc.).
- You can filter by date in the search box.
- When you click on an incident, you can view the incident details.
- With the graphic button in the search box, you can view incident occurrences over time graphically.