Working with RiskVision Incidents

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Working with RiskVision Incidents

Working with RiskVision Incidents

Incidents | TRITON RiskVision | v2.1 | 02-Jun-2016

When an HTTP or SMTP transaction analyzed by TRITON RiskVision is found to contain malicious, suspicious, data loss, or data theft activity, an incident is recorded. The incident record includes information about the transaction, and about why analysis flagged it as an incident.

Use the Incidents page in the RiskVision Local Manager to review and investigate incidents in the Transaction Viewer.

By default, the Transaction Viewer shows:

All incident records in the database

All threat levels

Monitored traffic and incidents from manually submitted pcap files

Columns most useful to investigating HTTP-based incidents

For information about all of the ways you can customize the Transaction Viewer, see Customizing the Transaction Viewer.

Incident details

More information may be available about individual incidents than can be displayed in the Transaction Viewer table. To see all available details about an incident, switch the View details toggle to ON, then select a row in the table.

This opens an additional panel at the bottom of the table. See Understanding RiskVision incident details for more information about the details that may be shown.

Advanced file analysis

If a file is sent for external file analysis, the results of the analysis may include a link to a report. When this occurs, the value in the Threat Level field (Malicious, Suspicious, or No Threat Detected) is underlined, and becomes a link to the report. Click the Threat Level value to open the report in a new browser window.

For Threat Protection Appliance reports, you are prompted to log in to the Controller, then taken to the report page.

File Sandboxing report sample

Threat Protection Appliance report sample

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Working with RiskVision Incidents

Copyright 2016 Forcepoint LLC. All rights reserved.