Incident Details Table - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Chapter 19
Incident Investigation and Mitigation

Incident Details Table

Each row of the Incident Details table represents either a session or the information common to a group
of sessions. You can see all of the collapsed session information by clicking the plus signs to expand the
group. You can expand or collapse all of the incident's information by clicking the Expand All or
Collapse All buttons.
Figure 19-4   Expanding a Row in a Table

This high-density information table lets you drill deep into incidents. Click the Query icon anywhere
on this page to query on a particular criterion. Click the Raw Events icon for raw events for a particular
session. You can click the Tune link to tune incidents for False Positives (see The False Positive Page,
page 19-8), or click the Mitigate link to mitigate an attack.

Figure 19-5   Incident Table

1   Incident ID
2   Severity icon
3   Path and Incident Vector icons. Launch popup windows to display Path and Incident Vector diagrams (L2 or L3 attack path information)
4   Offset number
5   Links to Session and Incident Detail pages of all incidents within the session
6   Links to the Event Type Details pages

User Guide for Cisco Security MARS Local Controller, 78-17020-01, page 19-5

This manual is also suitable for:

Mars 20, Mars 50, Mars 100, Mars 200