Viewing response history from alert or incident details

After you perform a response action, you can view the response history in one of the following ways:

• From the alert or incident details.
• From the Response history section.
• From a playbook details.

To view the response action history from the alert or incident details:

1. In the main menu, go to the Monitoring & reporting section.
2. Open the Alerts or Incidents section, and then click the ID of the alert or incident for which the response action was performed.
3. In the window that opens, go to the History tab, and then select the Response history tab.

   The table of events is displayed and contains the following columns:

   • Time. The time when the event occurred.
   • Launched by. Name of the user who launched the response action.
   • Events. Description of the event.
   • Response parameters. Response action parameters that are specified in the response action.
   • Asset. Number of the assets for which the response action was launched. You can click the link with the number of the assets to view the asset details.
   • Action status. Execution status of the response action. The following values can be shown in this column:
     • Awaiting approval—Response action awaiting approval for launch.
     • In progress—Response action is in progress.
     • Success—Response action is completed without errors or warnings.
     • Warning—Response action is completed with warnings.
     • Error—Response action is completed with errors.
     • Terminated—Response action is completed because the user interrupted the execution.
     • Approval time expired—Response action is completed because the approval time for the launch has expired.
     • Rejected—Response action is completed because the user rejected the launch.
   • Playbook. Name of the playbook in which the response action was launched. You can click the link to view the playbook details.
   • Response action. Name of the response action that was performed.
   • Asset type. Type of asset for which the response action was launched. Possible values: Device or User.
   • Asset tenant. The tenant that is the owner of the asset for which the response action was launched.
4. If necessary, click the settings icon (), and then select the columns to be displayed in the table.
5. If necessary, click the filter icon (), and then in the window that opens, specify and apply the filter criterion:
   • Add a new filter by clicking the Add filter button.
   • Edit a filter by selecting necessary values in the following fields:
     • Property
     • Condition
     • Value
   • Delete a filter.
   • Delete all filters by clicking the Reset all button.