An incident is triggered when an event produces findings that meet the criteria specified in an Incident policy. To review all incidents that have been triggered, go to the Posture Management section and select the Incidents tab in the FireTail platform.
The Incidents page displays an overview of each incident. This information includes:
When the incident was triggered.
The source of the incident - FireTail or GitHub.
The incident status - Open or Closed.
The number of findings within each severity grouping contained in the incident.
Status
You can change the status of the incident to Open or Closed. The default status is Open.
Change status
Select the incident.
Click the status dropdown menu.
Select the new status.
Click Update on the confirmation screen to confirm the new status.
Incident details
Click on an incident to view further information.
The Incident details page displays:
Incident policy triggered: Indicates which incident policy triggered the creation of the incident. Click the policy name to view the policy settings; you can also edit the parameters of the policy if needed.
APIs Affected: Displays which APIs have been impacted in the incident. For any API listed, you can click View requests since incident to view all the API requests that have occurred since the incident was triggered.
Findings: The number of findings within each severity that occurred in the event that triggered the incident.
Events: Indicates which events triggered the incident. Click the event name to view all the findings discovered in that particular event.
Top 10 Findings by Severity: Displays the top ten findings within the incident with the highest severity status. Click the title of the finding to view more information, including a description and remediation suggestions. To examine all findings in the incident, click View All Findings.