IPS events records not showing under Incidents



Article ID: 234572


Updated On:

Products

Endpoint Security Complete

Issue/Introduction

Since December 2021, under ICDm > Incidents tab, no incident records are tied to IPS detections, whereas previously many IPS detections were showing under the same tab with further details of the IPS detection:

Environment

Symantec Endpoint Security Complete, ICDm

Cause

As per the screenshot above, those IPS detections are expected to appear on the Incidents tab but do not; they can be found only under Client Activity or under the Investigate tab.

Reason:

An incident is raised only when many events are tied to the same attack, for example IPS + malware detection + EDR events and so on, all triggered together by the same attacker. If this is the case, an incident is raised in which you can review the full incident history and the details of the combination of techniques used by the attacker:

Further details here:

An incident is a collection of one or more events that represent a significant risk or potential threat to the organization. Incidents may include the events that Symantec Endpoint Security has blocked, because even blocked events contribute to a more complete picture of the larger attack.

However, not all malicious events are escalated to incidents. For example, assume a user visits a spoofed website with a bad reputation. If there is no indication that the user's endpoint became infected or downloaded anything malicious, the event is not likely raised to an incident. Symantec EDR does not deem it important enough to bring to an incident responder's attention. However, the event is still recorded.

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Endpoint-Detection-and-Response/About-Incidents/understanding-incidents-events-and-entities-v134644356-d38e88696.html

Resolution

By design of the product.