...
In the Armor Management Portal (AMP), click Security.
Click Incidents.
Column | Description
---|---
ID | This is the unique ID of the security incident.
Start Time | The time stamp of the first event of the incident.
Summary | A brief description of the incident found.
Severity | There are four severity types: Low, Medium, High, Critical.
Tags | Armor will "tag" a detection with Incident if it requires security attention, and is a potential threat.
Events | A count of events that triggered a detection or incident in the Armor correlation engine.
Status | The current status of the incident or detection. If an incident has a corresponding ticket, then the status of the ticket will display. If a detection does not have a corresponding ticket, then the status will display Closed.
Expand the row to view the First and Last Event Date.
Click Filters + Settings to filter the data that displays in the table.
Filter by Severity, Tags, or Status.
Click Apply Filters to save your changes.
In Table Settings, you can customize the view of your table.
Click Save Settings to save your changes.
...
...
Only Armor Support can close a security incident. However, after you have performed the troubleshooting tips suggested by Armor Support, simply enter a comment expressing your desire to close the ticket. Armor Support will verify and confirm that the security incident has been properly addressed, and then they will close the ticket.
If you do not see any data in the Incidents screen, consider that:
...