Incident Target Explorer Report

The Incident Target Explorer provides visibility into the most targeted IP addresses with visualizations and lists of incidents by threat level and MITRE classification. Use this report to evaluate threats and incidents in your environment, and learn about emerging threats.

For more information about incidents, see Incidents.

To access the Incident Target Explorer:

  1. In the Alert Logic console, click the menu icon (), and then click Validate.
  2. Click Reports, and then click Threats.
  3. Under Incident Analysis, click VIEW.
  4. Click Incident Target Explorer.

Filter the report

To refine your findings, you can filter your report by Date Range, Customer Account, Deployment Name, Detection Source, Status, and Escalation Status.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Filter the report using visuals

To refine your findings, click an item within a visual. To filter by multiple items, hold down Ctrl or Command, and then click each item in a visual that you want to use to apply a filter. You can filter using visuals and items selected in different sections. Click on an item again to remove a filter.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Top 10 Targets section

This section provides the 10 most targeted IP address counts and percentages, with a color-coded bar representing the count of incidents for the selected date range.

Threat Level section

This section provides the count and percentages of incidents in each threat level generated from the most targeted IP addresses, shown in a color-coded bar graph for the selected date range.

MITRE Tactic section

This section provides the count and percentages for each incident by MITRE Tactic in a color-coded bar graph for the selected date range.

MITRE Technique section

This section provides the count and percentages for each incident by MITRE Technique in a color-coded bar graph for the selected date range.

Incident List section

This section provides a complete list of incidents for the selected date range with details about Customer Account, Create Time, Detection Source, Incident ID, Summary, Targeted IPs, Threat Level, and MITRE classification.