Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Viewing Incidents and Reports > Viewing the incident list > Managing incident reports > Grouping incidents
Grouping incidents
Administrator Help | TRITON AP-DATA | Version 8.3.x
In the active report, you can group incidents by the person they're assigned to, by source, by status, by channel, or a number of other headings in the incident table. Each column header has a down arrow next to it.
Select the down arrow next to the column header of interest, then select Group by [column].
Your report is now grouped by that function.
Grouping incidents is an effective way to drill-down into a problem.
For example, grouping can be used as follows:
An administrator who wants to take a look at the most problematic channel can group by channel. This enables the administrator to quickly see that HTTP is by far the problematic channel, and can then drill-down into HTTP. Now the administrator groups by the policy category to learn that finance is the information that is most frequently leaked and within that group, the administrator can group by IP addresses to find the most problematic employee and drill down to that employee's incidents.
See Applying a column filter for additional information.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Viewing Incidents and Reports > Viewing the incident list > Managing incident reports > Grouping incidents
Copyright 2016 Forcepoint LLC. All rights reserved.