What type of events does the ES Incident Review dashboard help to triage?

Prepare for the Splunk Certified Cybersecurity Defense Analyst Exam. Study with interactive quizzes, flashcards, and detailed explanations to ensure success. Get ready to advance your cybersecurity career!

The ES Incident Review dashboard is specifically designed to triage notable events. Notable events are significant alerts or issues that have been flagged for further investigation within the security environment. They usually arise from analysis of underlying logs and telemetry data that, when correlated, indicate potential security incidents.

The ES Incident Review dashboard lets analysts prioritize and investigate these notable events effectively. It provides a structured view of critical incidents, displaying pertinent details such as the status of the event, the associated risk score, and any additional metadata that can aid in analysis. By focusing on notable events, security professionals can make informed decisions to address threats promptly and mitigate risks to the organization.

Authentication events, network data entries, and general security threats are important components of a security analysis but are not the primary focus of the ES Incident Review dashboard. The dashboard is tailored to highlight and manage notable events that require immediate attention, ensuring that security teams can respond quickly to the most impactful incidents.
