How to Monitor Incidents
Use the Incidents page to view all incidents related to a tenant in the selected time range. To access the Incidents page, select Juniper Security Director Cloud > Monitor > Insights > Incidents.
The data is displayed in grid view. In the Timeline section, you can select a log parser from the list to view log data in the timeline graph. You can zoom in, zoom out, show all data, and refresh the data.
You can view the incident ID, status, progression, and so on. Click an incident to view more details and, if required, create a ServiceNow ticket. After you create a ticket, the status of the incident changes to Acknowledged.
You can view data for the last 10 minutes, 30 minutes, 1 hour, 8 hours, 1 day, 4 days, 7 days, or 30 days. Table 1 describes the fields available in the grid.
| Field Name | Description |
|---|---|
| Status | Specifies the status of the ServiceNow ticket. After you create a ServiceNow ticket, the status shows Acknowledged. |
| Incident ID | Specifies the incident ID. |
| Risk | Specifies the threat metric and severity rating. |
| Progression | Specifies the stage the incident has reached, for example, phishing or infection. |
| Threat Target | Specifies the IP address of the target. |
| Date & Time | Specifies the timestamp of the incident. |
In the Status column, click New to set the incident status.
Right-click an incident and select Detail to see the incident summary.
Table 2 describes the options available for each incident on the Incident Summary page.
| Option | Description |
|---|---|
| Incident Details | Click Incident Details to see the details of an incident. |
| Mitigate Incident | Select Mitigate to enable the Source IP Filtering or Endpoint IP Filtering mitigation if it is disabled, or to disable it if it is enabled. To mitigate incidents, you must have already configured ATP Cloud. See ATP Mapping. |
| Create Ticket | Click Create Ticket to create a ServiceNow ticket for an incident. You must have already configured the ServiceNow settings before you can create a ticket. See Service Now Configuration. To create a ServiceNow ticket: |
Timeline View
You can view all incidents on a timeline graph. Hover over an event to see more details about the incident. In the Vendors list, select the log parser you want to view; you can select a single log parser or all of them. By default, the timeline graph shows all vendors configured in the log source.
Enable the Cluster option to group events that occur at the same time.
You can also zoom in, zoom out, and reset the timeline graph. Reset returns the graph to its default view, showing the events for the corresponding incidents.