Incidents

An incident can be triggered when an event occurs. For an event to trigger an incident, the event must contain findings that meet the criteria defined in the policy.

Navigate to Posture management in the FireTail platform and select the Incidents tab to view the incidents. When viewing the incidents you can choose grid view or list view. Toggle between grid and list to change the view.

Grid view

Each incident is displayed in a card which gives you an overview of the incident, each card displays:

• Date the incident was triggered.
• Source of the incident - FireTail or GitHub.
• Status.
• The number of findings within each severity grouping.

Click the card to view further information about the incident.

List view

The list view displays the incidents in a table format. The table displays:

• Date the incident was triggered.
• Source of the incident - FireTail or GitHub.
• Status.
• The number of findings within each severity grouping.

Click the date created for further information about the finding.

Status

You can change the status of the incident to Open or Closed. The default status is Open.

Change status

1. Select the incident.
2. Click the status dropdown menu.
3. Select the new status.
4. Click Update on the confirmation screen to confirm the new status.

Incident information

Click on the incident to view further information. This displays information about the event that triggered the incident.

The total number of findings in the incident is displayed, click this to be directed to the all the findings contained in the incident. Learn more about the information contained in a Finding here.

The collection that triggered the incident is also displayed, click this to view the collection in question. Learn more about collections here.