When Create/View Report is selected from the popup menu in the
Analyze tab, the Incident Report window is displayed. The
primary frame contains three tabs with information about
the incident:
- Events: The Triggers, Actions, and Events that were
included in the incident are displayed
- Whois: A whois lookup is performed in the background
on the IP addresses
- Notes: A free form text field is provided for tracking
the analysis of the incident
The frame on the left contains information about the incident.
As much information as possible about the incident is automatically
entered in the report fields, but may be changed by the
analyst.
|
