Investigating offenses

Use the IBM® QRadar® Incident Overview application extension to get more information on an offense.

Procedure

  1. Click the bubble on the Recent Incidents bubble graph for the offense you want to investigate.

    An information pane is displayed:

    Incident Overview user interface
  2. In the information pane, you can interact with a number of elements.
    • Click the link in Incident Type row to view an X-Force IP report on the incident's Source IP.
    • Click the location marker in the Incident Contributors map to view an X-Force IP report on the incident Destination IP.
    • Click Investigate to open the Offense Summary page for the offense in a new tab.