As an incident responder, you may want to regularly print, view, or email the details of a high-priority incident you are investigating. Or, you may want to view the details of a closed incident. You can use the Incident Details Report to generate a report with the latest information about a specific incident, including its detection history, related events, and user-generated comments.
The Incident Details Report is available in PDF format. You can run the report on demand, or you can create a schedule to run it at regular intervals. When you run or schedule the report, you can specify recipients to whom you want it emailed. Users can also download it from ATP Manager.
The following tables describe the content found on the Incident Details Report.
The incident number followed by a brief description.
You can click the incident number to navigate to the Incident Details page in ATP Manager.
Symantec Advanced Threat Protection (ATP)'s recommendation on how to remediate this incident.
The assigned priority based on ATP's evaluation of the incident's severity:
High - Classified as malicious with high confidence, which can result in outages and loss of data. These incidents need to be responded to immediately.
Medium - Classified as low-risk, such as unblocked adware. These incidents may have an impact on your organization and the infected endpoint(s).
Low - Classified as not serious at this time. These incidents do not affect critical business operations, and the affected endpoint(s) can function as normal.
Whether ATP deems the incident to be a suspected security breach. These incidents could include any of the following types of incident rules: Targeted Attack Incident, Targeted Email Attack Incident, Targeted Attack Analytics Incident, or Dynamic Adversary Intelligence-related incidents.
The number of endpoints in your environment that this incident affects.
The ATP scanner that detected this incident.
If multiple scanners detected the incident, the number of scanners appears.
If the incident was generated from a threat that an ATP: Roaming event detected, Roaming appears.