TWTQ: In-built ticketing console views

TWTQ: In-built ticketing console views

Hey guys!
Here's This Week's Top Question (TWTQ):

Q: What is the meaning of the various views in the Alerts tab?

A: EventLog Analyzer contains a built-in ticketing console which helps you streamline your incident management process. The module allows you to:
  • Raise security incidents as tickets
  • Automatically assign them to the concerned owner
  • Track the status of the ticket
  • Add supplementary notes regarding the incident details
All of these features allow you to quickly and efficiently resolve security incidents and thereby minimize damage to your network. 

The incident management dashboard is easy to navigate and use. You can access it by clicking on the Alerts tab.

At any given time, the dashboard gives you a quick overview of the various security alerts received and their status. You can also make changes to the alert tickets or add notes as necessary.

You can also make use of several useful views to filter the list of tickets as per your requirement. The views available are:
  • All Alerts: A summary of all security incidents, the proportion of high, medium, and low priority incidents, their status, and more.
  • My Alerts: All alerts assigned to the logged in user. Each user can simply navigate to this view to get details on all incidents which they have to look into, and update their status.
  • Assigned Alerts: Useful for the administrator to get an overview of the status of all ongoing incidents that have been assigned to their respective owners.
  • Unassigned Alerts: A list of all incidents yet to be assigned. The administrator can use this view to easily assign the incidents and ensure they are all being looked into.
  • Critical Alerts: Details regarding all high priority incidents and their status.
  • Profile Based Alerts and Correlation Alert Profiles: Get the list of all incidents categorized by type. Profile based alerts shows you the list of all alert profiles, and Correlation Alert Profiles shows you the list of all correlation rules. You can select any profile from these lists and get the details and status of all incidents of that type.
These views improve navigation through the incident management dashboard and make the process more meaningful and easy to handle.

Learn more about the incident management feature.