Attaching data to Incident Case elements
You can use the Data Collection tab to attach information to provide context for investigating the incident.
The following types of data can be attached to the Incident Case:
Data Item | Explanation |
---|---|
Logs | Log, alert, and audit entries from Firewall or IPS engines and Log and Management Servers. |
Policy Snapshot | A record of a configuration stored in the upload history. Policy Snapshots help to establish which policies were in place at the time of the incident. |
Memo | A simple text file for attaching excerpts of text, for example, by copying and pasting from email, IRC or instant messaging. |
File | Any type of file. For example, saved reports, text files, saved e-mail messages, packet capture files, or screenshot images. |