.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Incidents List View
The Incidents List view (Respond > Incidents) shows Incident Responders and other Analysts a prioritized results list of incidents created from various sources. For example, your results list could show incidents created from ESA rules or NetWitness Endpoint. From the Incidents List view, you have easy access to the information that you need to quickly triage and manage incidents through completion.
Workflow
This workflow shows the high-level process that Incident Responders use to respond to incidents in NetWitness.
In the Incidents List view, you can review the list of prioritized incidents, which shows basic information about each incident. You can also change the assignee, priority, and status of the incidents. Because the results can be large in the incidents list, you have the option to filter those incidents by time range, incident ID, custom date range, priority, status, assignee, and categories.
What do you want to do?
*You can complete these tasks here (that is, in the Incidents List view).
Related Topics
Quick Look
The following example shows the initial Incidents List view with the Filter panel. You can open the Overview panel for an incident by clicking an incident in the Incident List.
You can go directly to the Incident Details view from the Incidents List by clicking the hyperlinked ID or NAME. The Overview panel is also available in the Incident Details view. For more information about the Incidents Details view, see Incident Details View.
Incidents List View
To access the Incidents List view, go to Respond > Incidents. The Incidents List view displays a list of all incidents. The Incidents List view consists of a Filters panel, an Incidents List, and an Incidents Overview panel.
The following figure shows the Filter Panel on the left and the Incidents List on the right.
The following figure shows the incident Overview panel on the right.
Incidents List
The Incidents List shows a list of all of the prioritized incidents. You can filter this list to show only incidents of interest.
At the bottom of the list, you can see the number of incidents on the current page, the total number of incidents, and the number of incidents selected. For example: Showing 1000 out of 2517 items | 2 selected. The maximum number of incidents that you can view at one time is 1,000.
Incident Filters Panel
The following figure shows the filters available in the Filters panel.
The Filters panel, on the left of the Incidents List view, has options that you can use to filter the incidents list. When you navigate away from the Filters panel, the Incidents List view retains your filter selections.
Incident Overview PanelIncident Overview Panel
The Overview panel shows basic summary information about a selected incident. From the Incidents List, you can click an incident to access the Overview panel. The Overview panel in the Incident Details view contains the same information.
The following table lists the fields displayed in the Incident Overview panel.