Overview

Overview provides a 'Top down' view of various types of Incidents and impacted hosts. Go to INCIDENTS > Overview to see this view. Overview can be set as the default view by selecting Incident Home in ADMIN > General Settings > System > UI > UI Settings.

The panel is divided into three sections:

  • Incidents By Category – displays Incident Counts By Function and Severity.
  • Top Incidents – displays the Top Incidents sorted first by Severity and then Count.
  • Top Impacted Hosts – displays Top impacted hosts by Severity or Risk Score.

To change the incident time range, choose the Time Range option on the top right. For Service Provider installations, choose the appropriate Organizations on the top right. By default, the data is combined for all Organizations and the Organization is shown next to each host. This view automatically refreshes every minute by default. The refresh menu on the top bar allows the user to disable the automatic refresh or choose a different refresh interval.

Incidents By Category

This pane shows the number of unique Security, Performance, Availability and Change incidents that have triggered in the specified time range.

To drill into a specific category, click the number; the matching incidents are displayed in a separate Incident List View. To return to the main view, click the < button. From this View, you can take the same actions as discussed in Incidents List View.

Top Incidents

This pane shows the Top Incidents, first by Severity and then by Count.

  • Each box represents an Incident.
  • The color of the box title reflects the Incident Severity.
  • The number reflects the unique incidents that have triggered in the chosen time window.
  • The entries inside the box represent the IP addresses and host names appearing in either the Incident Source or Incident Target.
  • Boxes are ordered left to right by Incident Severity and then by unique incident count. That means that Red colored boxes (High Severity) appear first, then Yellow (Medium Severity) and finally Green (Low Severity). Within boxes of the same color, boxes with a higher Incident count appear first. You can scroll to the right.

To drill down, click the number in the left side bar or each host; the matching incidents are displayed in a separate Incident List View. To return to the main view, click the < button. From this View, you can take the same actions as discussed in Incidents List View.

Top Impacted Hosts By Severity

This pane shows the Top Impacted Hosts, first by Severity and then by Count.

  • Each box represents an impacted host (where an Incident has occurred during the specified time window).
  • The color of the box title reflects the maximum Severity over all Incidents.
  • The number on the left of the box reflects the unique incidents that have triggered on the host in the chosen time window.
  • The entries inside the box represent the incidents that have triggered for that host.
  • Boxes are ordered left to right by Incident Severity and then by unique incident count. That means that Red colored boxes (High Severity) appear first, then Yellow (Medium Severity) and finally Green (Low Severity). Within boxes of the same color, boxes with a higher Incident count appear first. You can scroll to the right.

To drill down, click the number in the left side bar or each incident; the matching incidents are displayed in a separate Incident List View. To return to the main view, click the < button. From this View, you can take the same actions as discussed in Incidents List View.

Top Impacted Hosts By Risk Score

This pane shows the Top Impacted Hosts, ordered by Risk Score.

  • Each box represents an impacted host (where an Incident has occurred during the specified time window).
  • The color of the box title reflects the Risk Score (80 and above is Red, 50-79 is Yellow and less than 50 is Green).
  • The number on the left of the box reflects the risk score.
  • The entries inside the box represent the incidents that have triggered for that host.
  • Boxes are ordered left to right by Risk Score. That means that Red colored boxes (High Risk) appear first, then Yellow colored boxes (Medium Risk) and finally, Green colored boxes (Low Risk).
  • You can scroll to the right.

To drill down, click the number in the left side bar or each incident; the matching incidents are displayed in a separate Incident List View. To return to the main view, click the < button. From this View, you can take the same actions as discussed in Incidents List View.