Click on the Incidents module and select the option Incident Response.
1. UTMStack displays the INCIDENT RESPONSE window, which shows a table of all incident responses created in the IT infrastructure.
The table columns are:
- HOSTNAME: The compromised hostname.
- COMMAND: The command applied to execute an action against the incident.
- STATUS: Describes the current status of the incident response (EXECUTED, ERROR, PENDING).
- APPLIED IN:
- APPLIED TO:
- CREATED: Date when the incident response was.
- CREATED BY:
- EXECUTION: Lets you view the incident response execution result by clicking View result.
2. If you click the View commands button, you will see all default commands made available by UTMStack.
3. The Filters section allows:
- Searching for a host by typing its hostname.
- Filtering incident responses by the command selected in the Action field.
- Filtering incident responses by the status selected in the Status field.
- Filtering incident responses by the creation date selected with the Calendar icon.