Click the down arrow on column header to sort, filter, or group incidents by that column. (See Applying a column filter for more information.) Or click
Table Properties 
to change the columns that are displayed, their order, and their width. See
Table Properties tab for a description of each property.
There are several buttons on the incident toolbar:
|
|
|
|
|
|
|
|
|
Assign - Select this option to assign the incident to someone or mark it as unassigned.
|
|
|
Lock - Select this option to lock the selected incident, preventing any further changes from future scans of the file. This option applies only to discovery incidents.
|
|
|
Unlock - Select this option to unlock a locked incident, allowing information from future scans to overwrite the current data. This option applies only to discovery incidents.
|
|
|
Change Status - Select this option to change the incident status or change the status labels.
|
|
|
Change Severity - Select this option to change the incident severity assignment.
|
|
|
Ignore Incident - Select this option to mark an incident as ignored or unmark an ignored incident. Mark an incident as ignored when you've reviewed it and no action is required.
|
|
|
Tag Incident - Select this option to associate an incident with a custom tag that you can later use in filters.
|
|
|
Download Incident - Select this option to download an incident. This option applies only to data loss prevention incidents. You can download just one incident at a time. This option applies only to DLP and mobile incidents.
|
|
|
Delete - Select this option if you want to delete incidents. Depending on the type of incident (network, endpoint, mobile, or discovery), you may be able to delete selected incidents, all incidents that match the filter criteria for the current report, or all incidents.
|
(See Managing incident workflow for details on all of these options.)
|
|
|
|
|
|
Release - Select this option to release the selected incidents (email messages) from quarantine. This option applies only to data loss prevention incidents on network, endpoint, and mobile email channels. You can add a comment to the confirmation window for future reference if desired.
|
(See Remediating incidents for details on both options.)
|
|
|
|
|
|
Email to Manager - Select this option to email the incident to the manager of the person generated the policy breach.
|
|
|
Email to Other - Select this option to email the incident to another person for action.
|
(See Escalating incidents for details on both options.)
|
|
|
|
|
|
Edit Filter - Select this option to edit the filters applied to the report—for example, choosing a longer time period or single channel.
|
|
|
Table Properties - Select this option to customize the properties of the incident table.
|
|
|
Save - Select this option to save the changes you made to current report.
|
|
|
Save As - Select this option to save the current report with a new name.
|
(See Managing incident reports. for details on all of these options.)
|
|
|
|
|
|
|
|
|
|
Incident list only - Removes the preview so that many more incidents can appear in the list.
|
|
|
Incident list and preview - Displays the incident list and the preview in the same window. Includes scroll bars on the incident list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
to jump to the first, last, previous, or next incident in the list.