Incidents

Created: August 15, 2023
Updated: February 28, 2024

An incident can be triggered when an event occurs. For an event to trigger an incident, the event must contain findings that meet the criteria defined in the Incident policy. Learn more about Incident policies here.

To view any incidents that have occurred, navigate to Posture Management in the FireTail platform and select the Incidents tab.

When viewing incidents, you can choose grid view or list view. Toggle between grid and list to change the view.

The Incidents page displays an overview of each incident, including:

  • When the incident was triggered.
  • The source of the incident - FireTail or GitHub.
  • The incident status - Open or Closed.
  • The number of findings within each severity grouping contained in the incident.

Status

You can change the status of the incident to Open or Closed. The default status is Open.

Change status

  1. Select the incident.
  2. Click the status dropdown menu.
  3. Select the new status.
  4. Click Update on the confirmation screen to confirm the new status.

Incident details

Click on an incident to view further information.

The Incident details page displays:

  • Incident policy triggered: Indicates which incident policy triggered the creation of the incident. Click the policy name to view the policy settings. You can also edit the parameters of the policy if needed.
  • APIs Affected: Displays which APIs have been impacted in the incident. For any API listed, you can click View requests since incident to view all the API requests that have occurred since the incident was triggered.
  • Findings: The number of findings within each severity that occurred in the event that triggered the incident.
  • Events: Indicates which events triggered the incident. Click the event name to view all the findings discovered in that particular event.
  • Top 10 Findings by Severity: Displays the top ten findings within the incident with the highest severity status. Click the title of the finding to view more information, including a description and remediation suggestions. To examine all findings in the incident, click View All Findings.
