Incident Details page

Clicking on an incident on the Incidents page shows that incident's details in a separate page that summarizes the network resources affected by the incident, including the incident's primary indicator and any correlated indicators, as well as analysis resulting from the runbook associated with the incident type.

The Incident Details page shows the following for the incident:

  • Priority — This is assigned to the incident based on the results of the associated runbook analysis. This may change over the life of the incident if subsequent executions of the runbook produce different results.

  • Incident Type (e.g., Device Down, Interface Congestion) — This is determined by Riverbed IQ's analysis of the incident's corresponding detections.

  • Status pulldown — This shows the incident's current status; click to change. Valid choices are New, Investigating, and Closed.

  • Notes — Annotate the incident with useful text to keep with it. Notes can be added directly using the UI, or you can add notes to an incident using a lifecycle runbook that runs when an incident lifecycle event occurs.

  • Activity Log — This summarizes each action executed upon the incident. Examples ofactions that are displayed in the activity log are: incident created, incident note added, lifecycle note added, and incident status changed.

  • Share — Copy this incident page's link to send it to another user.

  • Date information — This shows when the incident started and when it ended. If the incident is ongoing then it says "ongoing".

  • Impact Summary — This shows the number of Users, Locations, and Applications known to be affected by the incident, as well as Prioritization Factors, which summarize why Riverbed IQ assigns the incident the priority that it does.

  • Prioritization Factors — This shows the output from all executed Set Incident Priority nodes that were executed. The Set Incident Priority node allows you to enter a priority value and text that should be displayed if the node is executed.

  • Incident Sources — This shows the incident's primary indicator and any correlated indicators.

  • Incident Timeline — This shows the incident events, lifecycle events and the indicators that contributed to the incident. See the incident timeline topic for more information.

  • Runbook Analysis Output — This shows the results of the most recent execution of the incident's associated runbook.

The data in a table or chart that is displayed in the Runbook Analysis section of the incident details page can be exported to CSV or PNG. The tables only support CSV while the charts support both CSV and PNG. To export the data in a table, click on the export button to the right of the column chooser button as shown here:

To export the data in a chart click on the Hamburger icon in the chart toolbar and then select either "Download CSV" or "Donwload PNG image" as shown below: