
How to Monitor Incidents

Use the Incidents page to view all incidents related to a tenant in the selected time range. To access the Incidents page, select Juniper Security Director Cloud > Monitor > Insights > Incidents.

The data is displayed in grid view. In the Timeline section, you can select a log parser from the list to view log data in the timeline graph. You can zoom in, zoom out, show all data, and refresh the data.

You can view the incident ID, status of the incident, progression, and so on. You can click an incident to view more details and create Service Now tickets if required.

Figure 1: Incidents Page

After you create a ticket, the status of the incident changes to Acknowledged.

Table 1 describes the fields available in the grid. You can view data for the last 10 mins, 30 mins, 1 hour, 8 hours, 1 day, 4 days, 7 days, or 30 days.

Table 1: Fields on the Incidents Page

  Field Name: Description

  Status: Specifies the status of the Service Now ticket. After you create a Service Now ticket, the status shows Acknowledged.

  Incident ID: Specifies the incident ID.

  Risk: Specifies the threat metric and severity rating.

  Progression: Specifies the progression of an incident, for example, phishing, infection, and so on.

  Threat Target: Specifies the IP address of the target.

  Date & Time: Specifies the timestamp of the incident.

In the Status column, click New to set the incident status.

Right-click an incident and select Detail to see the incident summary.

Table 2 explains the options available for each incident on the Incident Summary page.

Table 2: Options for Each Incident

  Option: Description

  Incident Details: Click Incident Details to see the details of an incident.

  Mitigate Incident: Select Mitigate to enable the Source IP Filtering/Endpoint IP Filtering mitigation if it is disabled, or to disable it if it is enabled.

To mitigate incidents, you must have already configured ATP Cloud. See ATP Mapping.

  Create Ticket: Click Create Ticket to create a Service Now ticket for an incident. You must have already configured Service Now settings to create a Service Now ticket. See Service Now Configuration.

To create a Service Now ticket:

  1. Select Create Ticket.

    The Create Service Now Ticket page is displayed.

  2. In the Urgency field, select the priority of the ticket from the list.

  3. In the Short Description field, provide a short description about the incident.

  4. In the Description field, provide a more detailed description about the incident.

  5. Click OK.

Timeline View

You can view all incidents on a timeline graph. Hover over each event to see more details about an incident. In the Vendors list, you can select the required log parser. You can select either one or all the log parsers. By default, the timeline graph shows all of the configured vendors in the log source.

You can enable the Cluster option to group events that occur at the same time into a single cluster.

Figure 2: Cluster View of Incidents

You can also zoom in, zoom out, and reset the timeline graph. The reset option restores the default view and shows the events for the corresponding incidents.