Incidents

 


Product Overview


The Incidents screen displays security incidents detected by the Armor correlation engine. For each incident, the associated events that caused the detection are also provided.

All security incidents start as a detection, before being escalated by Armor's Security Operations Center (SOC). These escalated incidents are important, and you should take steps immediately to mitigate the threat.

To fully use this screen, you must have the following permissions assigned to your account:

  • Read Security Offenses



Frequently Asked Questions


Can I close security incidents myself?

Only Armor Support can close a security incident. However, after you have performed the troubleshooting tips suggested by Armor Support, simply enter a comment expressing your desire to close the ticket. Armor Support will verify and confirm that the security incident has been properly addressed, and then they will close the ticket.

 

What happens if I don't see any data in the Incidents screen?

Consider these possibilities:

  • Your account does not have any security incidents to display.

    • Armor is responsible for adding security-related incidents to this screen.

  • You do not have permissions to view security incidents.

    • You must have the Read Security Alerts and Read Security Offenses permissions enabled to view security incidents in this screen. Contact your account administrator to enable these permissions.

 

Access the Incidents Screen


  1. In the Armor Management Portal (AMP), click Security.

  2. Click Incidents.

The default view is pre-filtered to display incidents only. Click Filters + Settings to adjust the view to also display detections.

 

Access the Incidents Screen


  1. In the Armor Management Portal (AMP), click Security.

  2. Click Incidents.

  3. Expand the row to view the First and Last Event Date.

  4. Click Filters + Settings to filter the data that displays in the table.

    1. Filter by Severity, Tags, or Status.

      1. Click Apply Filters to save your changes.

    2. In Table Settings, you can customize the view of your table.

      1. Click Save Settings to save your changes.

 

View Incident Details


  1. In the Armor Management Portal (AMP), click Security.

  2. Click Incidents.

  3. Locate and select the incident that you want to view.

    Incident Details


    Event Details

  4. Click Filters + Settings to filter the data that displays in the table.

    1. Click Apply Filters to save your changes.

  5. In Table Settings, you can customize the view of your table.

    1. Click Save Settings to save your changes.

 

View Support Ticket Details


In order to view a ticket, you must be a member of the organization that the ticket was created in.

  1. In the Armor Management Portal (AMP), click Security.

  2. Click Incidents.

  3. Locate and select the incident that you want to view.

  4. Click View Ticket.

    1. The ticket details from the Armor Ticketing System (ATS) will open in a new window.

 

Close A Security Incident


Only Armor Support can close a security incident. However, after you have performed the troubleshooting tips suggested by Armor Support, simply enter a comment expressing your desire to close the ticket. Armor Support will verify and confirm that the security incident has been properly addressed, and then they will close the ticket.
