Incident Management (part 1)

To read part 2, please click here
To read part 3, please click here

Using the Microsoft Sentinel Incidents Page

Click the Incidents link in the left-hand navigation panel to open the incidents page. The page is divided into four areas: the header bar, the summary bar, the search and filtering section, and the incident details pane, described as follows:

  • The Header Bar - As the name suggests, the header bar sits at the top of the page and holds a Refresh button, a timespan drop-down, and an Actions button. Actions lets you act on several selected incidents at once: change the severity, assign an owner, change the status, or add tags.

  • The Summary Bar - Located below the header bar, it shows the total number of open incidents, the number of new incidents, and the number of incidents still in progress. On its right side is a breakdown of the open incidents by severity, which gives you a quick view of how your incidents are distributed.

  • The Search & Filtering Section - Found under the summary bar, this section lets you narrow down the incidents shown in the listing. It contains the following filters:

  1. Search by id or title - Find incidents by entering text that appears in the incident title or by entering the incident ID number.
  2. SEVERITY - Choose one or more of Select All, Informational, Low, Medium, High, and/or Critical. Select All is chosen by default, which appears simply as All in the summary bar.
  3. STATUS - Choose one or more of Select All, New, In-progress, or Closed. Only New and In-progress are chosen by default.
  4. PRODUCT NAME - Choose one or more of Select All, Microsoft Cloud App Security, Microsoft Defender for Cloud, Azure Advanced Threat Protection, Azure Information Protection, Microsoft Defender Advanced Threat Protection, and/or Microsoft Sentinel. Select All is chosen by default.
  5. OWNER - Filter by one or more people. All Users shows incidents assigned to anyone, including unassigned ones; Assigned to me shows only the incidents currently assigned to the logged-in user.

  • Incident Details Pane - Under the search and filtering section, incidents are listed one per row. Selecting an incident opens the incident details pane, which shows more information about that incident depending on its type. At the top are the incident title and number; to the left of the title is a colored strip indicating the severity: red for high, orange for medium, yellow for low, and grey for informational. The severity can be changed by selecting a new value and clicking the Apply button. The status, owner (Assign to me), and the other fields described above are changed the same way.
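The same filters the page applies in the portal can be reproduced as a KQL query over the SecurityIncident table, which is useful when you want to audit the incident queue from a workbook or a scheduled query rather than from the UI. The following query is an added example and is not part of the original post; it assumes the standard SecurityIncident columns (IncidentNumber, Title, Severity, Status, Owner, ProviderName, LastModifiedTime) and uses a constructed user principal name for the "Assigned to me" case. Note that the table stores one row per incident update, so the latest row per incident has to be selected first, and that the UI status "In-progress" is stored as "Active" in the table.

```kql
// Added example (not from the original post): rebuild the Search & Filtering
// section of the incidents page as a query over SecurityIncident.
let lookback   = 30d;                       // mirrors the timespan drop-down in the header bar
let searchText = "";                        // "Search by id or title": title substring or incident number; empty = no filter
let severities = dynamic(["Informational", "Low", "Medium", "High"]);
let statuses   = dynamic(["New", "Active"]); // UI default New + In-progress; "Active" is the stored value for In-progress
let me         = "analyst@contoso.example"; // constructed UPN for "Assigned to me"; empty string = All Users
SecurityIncident
| where TimeGenerated > ago(lookback)
// one row per update is stored, so keep only the most recent state of each incident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where Severity in (severities) and Status in (statuses)
| where isempty(searchText)
     or Title has searchText
     or tostring(IncidentNumber) == searchText
| extend AssignedTo = tostring(Owner.userPrincipalName)   // Owner is a dynamic column
| where isempty(me) or AssignedTo =~ me
| project IncidentNumber, Title, Severity, Status, AssignedTo, ProviderName, LastModifiedTime
| order by LastModifiedTime desc
```

Replacing the final `project` and `order by` lines with `summarize count() by Severity` gives the severity breakdown shown on the right of the summary bar, and `summarize count() by Status` gives its New and In-progress counts. Without the `arg_max` step, incidents that were edited several times would be counted once per edit, which is the most common reason such a query disagrees with the numbers on the page.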
