To view the specific details of an incident click on the incident ID number.
The incident details page provides two main areas with viewable data: The Summary and Response Actions.
The incident summary includes details of the incident and the application which triggered the incident and access scopes.
Application—The name of the application installed.
Platform—The platform where the app was installed.
Detection Date—The time and date the app was installed.
Owner—The user that authorized and installed the app.
Policy—The name of the policy that triggered the incident.
Status—The current status of the incident (New, In Progress, Dismissed or Resolved).
Severity—The severity of the incident depending on the policy configuration.
Classification—The current classification of the app (Unclassified, Trusted, Banned, or Under Audit).
The summary also provides the scope categories, individual scopes, the permission IDs of the scopes and descriptions of what access the scopes request. Hovering on individual permission ID will provide the full URL.
The Response Actions tab will summarize the response actions that took place after the incident was discovered, the date and time the action last took place, and the status.
Clicking on individual response actions provides a drop-down with details about the actions. For example:
Notify Admin by Email—The email address of the admin the notification is being sent to and the frequency of the notification.
Classify App —The classification the app is changed to.
Incident Status Update— The status the incident is changed to.
Updated 2 years ago