EDR - Incidents

What are incidents in VIPRE EDR?

Written By Marissa Fegan (Super Administrator)

Updated at April 16th, 2024

An incident is generated when suspicious activity takes place on an agent device. Any event made up of a sequence of actions that VIPRE deems suspicious appears here as an incident.

Screenshot: Incidents list and actions menu

Find Incidents

The Incidents page has a search bar at the top that you can use to search by Incident ID, Attack Type, Detection Name, Device Name, or Everything. You can also choose a specific time range to search within.

Filter Incidents

The Incidents page has several filters in the light-blue menu on the left to help you find specific incidents. You can filter the Incidents table by:

  • All
  • Unhandled means the incident has not been remediated yet and should be investigated immediately to reduce the potential risk
    • The VIPRE EDR Agent can auto-remediate incidents when VIPRE knows something to be malicious; no further action is required in that case, but investigation is still recommended to determine the root cause and point of entry
  • Assigned to me
  • Unassigned
  • Detection
  • Status
  • Verdict
    • True Positive
    • False Positive
    • Likely Safe
    • Legitimate Use
    • Suspicious
  • Remediation Status
  • Severity
  • Attack Types
  • Device

Incidents Table

The Incidents table has the following columns:

  • Incident ID: Identifier for a particular incident
  • Status: Status of the incident
  • Detection: The potentially malicious file that was detected by VIPRE
  • Severity: Provides the severity level, including a severity score
  • Attack Types: The type of potential threat found
  • Alerts: How many alerts are associated with this incident
  • Created: The date the incident was created
  • Updated: The date the incident was last updated
  • Device: The agent device the incident took place on
  • Assignee: The user who has been assigned to investigate this incident

When selecting a checkbox next to an Incident ID, the Actions button will light up in the top-right corner above the time range selection box. Available actions are:

  • Assign to Me
  • Assign to a User
  • Update Status
  • Update Verdict

Incident Details

When you click on an Incident ID, you'll find all details and available actions associated with the incident. At the top, next to the incident name, you can select device actions from a drop-down menu, assign the incident to one of your users, assign a verdict, or change the status of the incident.

  • Incident Summary provides a high-level overview of the incident, details about the device affected by the incident, a summary of the alert severity, the number of and type of events associated with the incident, details about what triggered the incident and the techniques used, and any vulnerabilities VIPRE has found on the agent device
  • Root Cause Analysis includes a timeline of events that maps out where an incident started and what activity triggered it; clicking on a specific activity provides details about what exactly that activity did
  • Events shows a chronological list of raw activities associated with that particular incident, filterable by date and type of activity (File, Process, Registry, Network, Alerts, or All)
  • History provides a log of the various updates, actions, or state changes on the incident (e.g., note added, status change, remote shell launched, incident assigned, etc.)

Screenshot: Incident details including Summary, Root Cause Analysis, Events, and History