Incidents

Path: /incidents

NIST 800-61 compliant incident management. Track security incidents from detection through post-incident review.

Key Elements

  • Stats row — Total incidents, open count, breaches, and critical severity count.
  • Filter tabs — All, New, Triaging, Active, Resolved, Closed.
  • Severity dropdown — Filter by Critical, High, Medium, Low.
  • Incident table — Number (INC-YYYY-NNN), title, severity, phase, status, and reported date.
  • Report Incident button — Create a new incident report.

Incident Phases (NIST 800-61)

  1. Detection — Incident is first identified.
  2. Analysis — Investigating scope and impact.
  3. Containment — Limiting the damage.
  4. Eradication — Removing the threat.
  5. Recovery — Restoring normal operations.
  6. Post-Incident — Lessons learned and documentation.
  7. Closed — Incident fully resolved and documented.

How to Report an Incident

  1. Click Report Incident.
  2. Enter title, description, category (phishing, unauthorized access, data breach, etc.), and severity.
  3. The incident gets an auto-generated number (INC-YYYY-NNN).
  4. Add timeline entries as the investigation progresses.
  5. Create tasks for responders.
  6. Move through phases as work progresses.