G DATA 365 | Managed EDR
Overview of an incident
Each incident can be viewed on an overview page, where all important information can be found at a glance.
Color coding of the status of recommended actions (→ Priority) and incidents (→ Impact)
To ensure that important recommendations for action immediately stand out from less important information, both incidents and recommended actions are rated according to importance with corresponding color coding. An incident can be indicated by these statuses:
The status of an incident or a recommended action
Status refers to the current processing status. Some statuses are set automatically by our cloud backend: New, Solved automatically. Other statuses are set manually by the G DATA Security Analysts: In progress, Solved, Deferred.
Priority
An incident can have the priority Low, Medium or High. By default, an incident is given the priority Medium. In some cases, the prioritization is changed manually by the G DATA Security Analysts. If the priority High has been assigned, a G DATA Security Analyst may be waiting urgently for feedback or for a recommended action to be taken. In this case, you will see a red status marker for the incident.
The recommended actions
In the right block of the overview, you will see a list of all recommended actions relating to this incident. Recommended actions are given to you by our G DATA Security Analysts for an incident. This can be
The Action column
Details page of recommended actions
Click on the row of a recommended action to open its details page. On this page you can see the recommended action with its full text. On this page you can also mark the recommended action as "Completed". To do this, click on Close now.
Security alarm (Alert)
In the lower block of the general overview, you will find the list of alerts assigned to this incident.
Name column
Endpoint column
Affected artifacts column
Date column: Date and time of the security alarm.
Status column: Here you can see the status of the alert.
Classification column: This column shows you whether the alarm is a genuine alarm (True Positive) or a false alarm (False Positive).
Details page of an alert
Clicking on the row of an alert opens its details page. The details page shows you a summary of the most important information, such as:
Under Affected artifacts, you can see which file or process the G DATA Agent's sensor detected and how it reacted to it. In our example (see screenshot), a file was recognized and moved to quarantine. If a SHA256 hash value could be determined, it is also displayed here.