The Incidents Over Time histogram lets you view the number of incidents that occurred over a set period of time. Hover your mouse over a data point in the histogram to see the number of incidents that occurred on that day. The number of incidents is based on the initial creation date of the incident, not on when the incident was last updated.
To change the histogram time frame, under Incidents Over Time, select a pre-set time range (7d, 1m, 3m, All). Hover over data points in the histogram to reveal how many incidents were detected on that date.
Tip: Check specific days and the times that convictions occur. If malicious activity is detected at very regular intervals, it is possible that malware is responsible for the downloads or server communications. If malicious activities happen at irregular intervals during normal workdays, it is more likely that humans are the cause.
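The timing check described in the tip can be scripted against incident creation times. The following is an added example, not part of Symantec EDR; the function name, the thresholds, the 08:00-18:00 Monday-to-Friday window, and all timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev


def classify_timing(timestamps, cv_threshold=0.1, workday_share=0.8):
    """Label incident creation times as 'automated-like', 'human-like' or 'inconclusive'.

    cv_threshold and workday_share are illustrative assumptions, not product defaults.
    """
    ts = sorted(timestamps)
    if len(ts) < 4:
        return "inconclusive"  # too few points to judge regularity
    # Seconds between consecutive incidents.
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return "inconclusive"  # all incidents share one timestamp
    # Coefficient of variation: near 0 means near-constant intervals.
    cv = pstdev(gaps) / avg
    if cv <= cv_threshold:
        return "automated-like"
    # Irregular gaps: check whether activity clusters in normal working hours.
    in_hours = sum(1 for t in ts if t.weekday() < 5 and 8 <= t.hour < 18)
    if in_hours / len(ts) >= workday_share:
        return "human-like"
    return "inconclusive"


# Constructed sample data (not taken from any real console).
# Six incidents about every 6 hours with a few seconds of jitter.
BEACON = [datetime(2024, 3, 4) + timedelta(hours=6 * i, seconds=j)
          for i, j in enumerate([0, 3, -2, 4, 1, -3])]
# Irregular incidents, all on weekdays during working hours.
WORKDAY = [datetime(2024, 3, 4, 9, 12), datetime(2024, 3, 4, 15, 47),
           datetime(2024, 3, 5, 11, 3), datetime(2024, 3, 7, 10, 30),
           datetime(2024, 3, 8, 16, 55)]
# Irregular incidents at night and on the weekend.
OFF_HOURS = [datetime(2024, 3, 9, 2, 10), datetime(2024, 3, 9, 23, 40),
             datetime(2024, 3, 10, 4, 5), datetime(2024, 3, 12, 21, 15)]

if __name__ == "__main__":
    for name, series in [("BEACON", BEACON), ("WORKDAY", WORKDAY), ("OFF_HOURS", OFF_HOURS)]:
        print(name, classify_timing(series))
```

A label from this check is a triage hint only; irregular off-hours activity falls through to "inconclusive" and still needs review on the incident details page.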
The Incidents table contains a list of all of the incidents that Symantec EDR detected. Table: Incident table tasks describes the tasks that you can perform in the Incidents table.
Table: Incident table tasks
To apply filters
Click Show Filters to reveal the available filters.
Select the filters that you want to use or unselect the filters that you want removed.
Optionally, click Hide Filters to hide the filters view.
To perform a search
In the search box under the histogram, type your search criteria in the following format:
Symantec EDR supports the following search criteria:
For example, to search for incident 100004, you would type:
The EDR appliance console auto-discovers the search criteria as you begin to type. Click a matching criterion to populate the search field.
To go to the Incident details page
The Incident details page provides more detailed information about the incident and lets you perform actions on entities.
Click the ID number of an incident to go to that incident's details page.