This online help page is dedicated to the SurgeONE.ai Incident Management page which allows users to initiate a sophisticated analysis of cybersecurity incidents powered by artificial intelligence. By leveraging advanced algorithms, the system can automatically assess and evaluate the nature and potential impact of a security event, leading to more efficient and accurate incident handling.
The accessibility and functionality of the different sections of this page depend on the role-based access controls / permissions set for the logged-in user. For more details, refer to the Roles online help.
1. Navigating to the Incident Management page
Click on the Cyber Compliance menu option of the left panel menu and then on the expanded sub-menu under it labeled Incident Management to get redirected to the Incident Management page.
Fig: 1 - Using the Incident Management menu on the left panel
Here is the partial view of the Incident Management page.
Fig: 2 - Incident Management page partial view
2. Understanding the various elements of the Incident Management page
An advanced AI-driven feature lists and scores cyber incidents dynamically in this page. Once an incident is analyzed, the AI offers a comprehensive report that includes:
1. Severity Level: Classification of the incident's seriousness, which helps in prioritizing the response efforts.
2. Risk Score: A quantifiable measure of the potential risk posed by the incident, aiding in strategic decision-making.
3. Recommended Actions: Tailored suggestions based on the analysis, guiding users on the best practices to follow during incident management.
4. Remediation Steps: Specific actions needed to mitigate the impact of the incident, ensuring a clear path to resolution.
Refer to the following screenshot, which is marked with numerical values that correspond to the points stated below.
Fig: 3 - Understanding the various elements of the Incident Management page
- Search bar, AI score slider and date range fields to filter result(s)
- Grid view column populates the loaded or filtered result(s)
- Export button to generate local copies of grid view result(s)
- Vertical ellipsis icon beside Export button to customize the grid view columns
- Pagination options are provided at the bottom to control the page items limit and to navigate to other page entries
NOTE: The following sub-sections elaborate further to the above-stated points. The sub-section level identifiers correlate with the numerical values indicated on the above screenshot.
2.1. Using the Incident Management filters
The following filters/options are present above the incident grid view.
- Search bar
- AI Suggested Severity dropdown
- AI Risk Score (10 -> 100) slider
- Start Date (date selection) calendar
- End Date (date selection) calendar
- Apply button
- Refresh icon
Let us illustrate each filter one by one.
2.1.1. Search bar
The ability to search across multiple columns enhances the precision of queries, empowering users to surface relevant information quickly and take action with confidence. It minimizes manual browsing and supports dynamic interaction with large datasets by enabling users to instantly locate incidents through keyword input.
You can use the search bar to enter text and find matching incidents. The quick search is executed against the data of every column, and the matching results are listed in the grid view. Here is the view of a search operation executed on the basis of the Risk Score column data.
Fig: 4 - Search operation
If results are not found based on the search query, the grid displays the No matching records found label.
Fig: 5 - No matching records found
2.1.2. AI Suggested Severity dropdown
The AI Suggested Severity dropdown can be used to filter out grid view results. Here is the default view.
Fig: 6 - AI Suggested Severity dropdown
You can select any one out of the three provided options - AI Suggested Severity - All, Low and High to filter the grid view results.
Fig: 7 - Default dropdown options
You can proceed to drag any one of the slider boxes to alter the range set in the AI Risk Score slider. Based on your changes, the range value displayed beside it also gets updated. The dropdown options visibility can also change depending on the slider range set. Consider the following scenarios:
- When the lower value of the slider is set to < 26 then the Low dropdown option is displayed, along with the AI Suggested Severity - All option.
- When the slider range is set between 26 and 84, then only the AI Suggested Severity - All option is displayed.
- When the higher value of the slider is set to > 84 then the High dropdown option is displayed, along with the AI Suggested Severity - All option.
Fig: 8 - High dropdown option not getting displayed due to slider range set
Fig: 9 - Low and High dropdown option not getting displayed due to slider range set
Fig: 10 - Low dropdown option not getting displayed due to slider range set
2.1.3. AI Risk Score (10 -> 100) slider
You can filter the incident results populating the grid view based on the incident risk score value by using the AI Risk Score (10 -> 100) slider. By default, the slider range is set from 10 to 100. The slider value range is displayed as a read-only value to the right side of this slider. Any incident whose AI-detected risk score lies between 10 and 100 is thus displayed in the grid view by default.
Fig: 11 - AI Risk Score slider default view
You can proceed to drag any one of the slider boxes to alter the range. Based on your changes, the range value displayed beside it also gets updated. Click on the Apply button to filter grid view results based on the custom slider value range that is set.
Fig: 12 - Custom range set in AI Risk Score slider
2.1.4. Start Date calendar
You can filter incident results based on the incident starting date by selecting a calendar date from the Start Date filter. By default, the date which is one year prior to the current date is set.
Fig: 13 - Start Date filter
2.1.5. End Date calendar
Similarly, you can filter incident results based on the incident ending date by selecting a calendar date from the End Date filter. By default, the current date is set.
Fig: 14 - End Date filter
NOTE: The date must be correctly specified. The system will prompt a validation message below the field if the end date value is set prior to the start date value.
Fig: 15 - End Date filter validation prompt
2.1.6. Apply button
You can click on the Apply button to generate incident results based on the date filter(s) set.
Fig: 16 - Apply button
2.1.7. Refresh icon
Click on the refresh icon to remove any entered search bar query text or date range filters set and reset them to the default state. After you click on it, the grid view gets repopulated with the latest incident entries. By instantly clearing search inputs and filters while updating the grid view with the most current incident data, it provides users with a quick way to reset and regain a clean, unfiltered perspective.
Fig: 17 - Option to refresh the filters by removing any search input text
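To make the interplay of the filters described in 2.1.1 to 2.1.7 concrete, here is an added Python model of the same rules (example code, not part of SurgeONE.ai or this help page); the sample incident rows, their field names and the way the one-year default start date is computed are constructed assumptions.

```python
from datetime import date

SLIDER_MIN, SLIDER_MAX = 10, 100  # AI Risk Score (10 -> 100) slider bounds

# Constructed sample rows mirroring the grid columns described on this page
SAMPLE_INCIDENTS = [
    {"source": "Endpoint LAPTOP-01", "user": "alice", "summary": "Malware detected",
     "detection": date(2024, 5, 3), "severity": "High", "score": 92, "status": "Assigned"},
    {"source": "Endpoint WS-07", "user": "bob", "summary": "Suspicious login",
     "detection": date(2024, 1, 20), "severity": "Low", "score": 18, "status": "Resolved"},
    {"source": "App Payroll", "user": "carol", "summary": "Policy violation",
     "detection": date(2023, 2, 1), "severity": "Low", "score": 45, "status": "Needs Review"},
]


def severity_options(low, high):
    """Dropdown options visible for a given slider range (2.1.2): Low needs a lower
    bound below 26, High needs an upper bound above 84, All is always offered."""
    options = ["All"]
    if low < 26:
        options.append("Low")
    if high > 84:
        options.append("High")
    return options


def one_year_prior(today):
    """Default Start Date (2.1.4): one year before the current date (assumed calendar rule)."""
    try:
        return today.replace(year=today.year - 1)
    except ValueError:  # 29 February in a non-leap year
        return today.replace(year=today.year - 1, day=28)


def date_range_is_valid(start, end):
    """End Date validation (2.1.5): the end date may not precede the start date."""
    return end >= start


def apply_filters(incidents, query="", severity="All",
                  score_range=(SLIDER_MIN, SLIDER_MAX), start=None, end=None, today=None):
    """Return the rows the grid would show after clicking Apply (2.1.6).
    Omitting every argument reproduces the state after Refresh (2.1.7)."""
    today = today or date.today()
    low, high = score_range
    if severity not in severity_options(low, high):
        raise ValueError(f"{severity} is not selectable for slider range {low}-{high}")
    start = start or one_year_prior(today)
    end = end or today
    if not date_range_is_valid(start, end):
        raise ValueError("End date must not be earlier than the start date")
    needle = query.strip().lower()
    rows = []
    for inc in incidents:
        # Quick search matches the text of any column (2.1.1), e.g. "92" hits the score
        if needle and not any(needle in str(v).lower() for v in inc.values()):
            continue
        if severity != "All" and inc["severity"] != severity:
            continue
        if not low <= inc["score"] <= high:
            continue
        if not start <= inc["detection"] <= end:
            continue
        rows.append(inc)
    return rows
```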
2.2. Understanding the grid view
AI-powered cyber event generation auto-creates an incident form upon issue detection. For each incident of a user, the AI reviews incident details and provides remediation and recommended actions based on a set of rules. The system logs all actions from detection to resolution. Such entries get listed in the Incident Management page grid view.
Instead of simply responding to incidents after they happen, cybersecurity and compliance teams can use the various menu options of each detected incident, as well as the data exporting capabilities, to address threats and vulnerabilities before they lead to serious breaches. This proactive approach not only mitigates risks but also significantly reduces incident response times and enhances overall system resilience.
The following columns are present in the grid view by default.
- Incident Source - Displays the origin or affected application/endpoint of the incident
- Linked User - Displays the associated account
- Isolation Status - Displays the isolation status of the incident. It can be displayed as either Isolated or Not Isolated.
- Brief Summary - Shows a brief information about the incident
- Detection Time - Shows the time of the incident in [(Month 3-lettered abbreviation) (DD) (YYYY) (HH:MM)(AM/PM)] format
- AI Suggested Severity - Displays the rank or tier of severity of the incident such as High, Low, etc.
- AI Risk Score (10 -> 100) - Displays the AI calculated risk score, where a higher score indicates a greater risk
- Status - Displays the current status of the incident such as Assigned, Resolved, Needs Review, etc.
- Assigned To - Displays the application username who is assigned to look into this incident
- Action - Displays the vertical ellipsis icon which can be used to toggle the row-context menu options
The following image displays a partial screenshot of the Incident Management page grid view.
Fig: 18 - View of the grid populated with incidents
NOTE: All the columns are sortable except for the Action column.
2.2.1. Using the Action column menu options
The Action column menu options interface design promotes incidents clarity, intuitive navigation and task-oriented efficiency. By grouping essential incident management options under a single, easily accessible menu, users are guided through a focused workflow without visual clutter. This not only streamlines decision-making but also aligns with user expectations for a seamless, responsive experience, empowering them to take precise actions with minimal effort.
The menu options View Details, Assign / Re-assign and Resolve are displayed after clicking on the vertical ellipsis icon of the Action column. The following sub-sections explain the functionality of each of these.
Fig: 19 - Toggled row-context menu options
2.2.1.1. Using the View Details menu option
- To view detailed information about an incident, click on the vertical ellipsis icon of the ACTIONS column against the row entry. Then click on the expanded View Details menu option.
- A modal window titled as Incident Details loads. It displays comprehensive information pertaining to the chosen incident.
The following fields are displayed:
- Incident Summary - It displays the summarized info along with the affected resource address
- Category - It displays the category or multiple categories of the incident
- Brief Summary - It displays the brief info along with the affected resource address
- Detection Time - It shows the time of the incident in [(Month 3-lettered abbreviation) (DD) (YYYY) (HH:MM)(AM/PM)] format
- Incident Group - It displays the group which the incident is associated with
- Risk Level - It displays the rank or tier of severity of the incident
- Device Name - It displays the model name of the affected device
- Device IP - It displays the IPv4 address of the affected device
- Device ID - It displays the unique identifier of the affected device
- Device Type - It displays the type of the affected device
- Device Health - It displays the health category of the affected device
- Operating System - It displays the operating system name and version of the affected device
- Linked User - Displays the associated user account
- Isolation Status - Displays whether the affected device is isolated or not isolated
- Specifics Threat - It displays the actual type of the threat which caused the incident
- Behavioral Details - It displays related info pertaining to the threat
- Action Occurred On - It displays the associated timing of action
- Automated Actions - It displays automated actions info, if any
- Outcome Actions - It displays associated info, if any
- Current State - It displays the current state category type
- Incident Source - It displays the origin or affected application/endpoint of the incident
- Sophos Agent Version - It displays the associated version number
- Incident Manager - It displays the username, if applicable
- Assigned To - It displays the application username who is assigned to look into this incident
- Status - It displays the current status of the incident such as Assigned, Resolved, Needs Review, etc.
- Creation Date - It displays the creation date-time value
- Modified On - It displays the date-time value of any edit or modification activity
- AI Suggested Severity - Displays the rank or tier of severity of the incident such as High, Low, etc.
- AI Risk Score (10 -> 100) - Displays the AI calculated risk score, where a higher score indicates a greater risk
- AI Suggested Remediation - It displays the suggested objective as compiled by the AI to resolve this incident
- Recommended Actions by AI - It displays the preferred or suggested actions as compiled by the AI to resolve this incident
- AI Response Time (In Sec) - It displays the total time (in seconds) taken by the AI to generate its suggestion or response
- Notes - It displays any notes (if present), such as - Incident Resolved
Fig: 20 - View Details option to view the incident details
Fig: 21 - View of the loaded modal window
NOTE:
- You can close the view by clicking on the cross icon at the top-right of the modal window.
- You cannot modify any field info or add info to any blank field, which is displayed in the modal window.
- Alternatively, to generate a local copy of the displayed dataset, you can click on the Export button at the bottom-right. Here is the view of the pdf file contents after opening the downloaded file.
- Only the View Details menu option is displayed when the incident Isolation Status is set as Isolated and the Status is set as Resolved. You cannot find the Assign/Re-assign or the Resolve menu option in that case.
Fig: 22 - View of the exported pdf file contents
Fig: 23 - Only the View Details menu option getting displayed
2.2.1.2. Using the Assign menu option
The Assign menu option reinforces collaboration, responsibility and operational efficiency in managing incidents. By providing users with the ability to delegate tasks to designated team members directly within the interface, it supports a transparent and accountable workflow. This functionality emphasizes team-based problem solving while giving users the control to distribute workload intelligently, promoting shared ownership and prompt resolution.
- To assign or delegate an incident to an existing application user, click on the vertical ellipsis icon of the ACTIONS column against the row entry. Then click on the expanded Assign menu option.
- Click on the checkbox against any user belonging to this team to assign this incident to that user.
- Click on the Assign button after making at least one checkbox selection.
- You are redirected to the Incident Management page. A success notification can be seen at the top.
Fig: 24 - View of the toggled Assign menu option
A modal window titled as Incident Resolution Team loads. It lists the various application users who are part of this team (configured from the Roles module).
Fig: 25 - Incident Resolution Team modal window
NOTE: Here is the view of the team in the Roles page.
Fig: 26 - View of the Incident Resolution Team in Roles page
Fig: 27 - Assigning user to incident
Fig: 28 - Success notification prompt after assigning user
NOTE:
- A search bar is provided at the top-right so that you can easily find the desired user via the quick search facility.
- If you click on the Assign button without making at least one checkbox selection, the system will prompt a tooltip and will not permit you to proceed until you make a selection.
Fig: 29 - Searching for a user in the Incident Resolution Team modal window
Fig: 30 - View of the user selection tooltip prompt
2.2.1.3. Using the Re-assign menu option
If you assign a user, then the row-context menu option label changes from Assign to Re-assign. The functionality remains the same of reassigning as that of assigning a user, and hence it has not been elaborated again. For details, refer to the above sub-section.
Fig: 31 - Row-context menu option label change
2.2.1.4. Using the Resolve menu option
This menu option supports clarity, accountability and user empowerment in incident management. It encourages users to document outcomes clearly and thoughtfully by offering a straightforward interface to record resolution notes for responsible incident data handling.
- To resolve an incident, click on the vertical ellipsis icon of the ACTIONS column against the row entry. Then click on the expanded Resolve menu option.
- A modal window titled as Resolve loads to obtain your resolution notes or feedback.
- Enter relevant or necessary text in the Notes field with the placeholder text Enter Notes.
- Click on the Resolve button to store your entered notes.
Fig: 32 - Resolve option to provide resolution notes to an incident
Fig: 33 - View of the loaded Resolve modal window
Fig: 34 - Clicking on the Resolve button after entering resolution notes
2.3. Using the Export button
The export functionality reflects key user values such as accessibility, control, and efficiency. By offering clearly labeled options to download data in either CSV or PDF formats, users are empowered to retain and share incident records in the format that best suits their workflow. This simple interaction aligns with a user-centric approach that prioritizes transparency, ease of use, and the freedom to manage one's own data independently.
- Click on the Export button to load the export options (to download a local copy of the generated incident).
- Two options labeled as CSV and PDF load below the button. Click on the former to download a .csv file or on the latter to download a .pdf copy.
Fig: 35 - Export button
Fig: 36 - Export options
NOTE: You can also click on the Export button at the bottom-right of the Incident Details modal window to download a pdf copy of the incident summary.
Fig: 37 - Export button of Incident Details modal window
2.4. Customizing the grid view columns
Users can prioritize the columns they find most useful and hide the ones they feel are unnecessary, for optimal visibility. This level of personalization minimizes the time spent searching for information, reduces clutter and facilitates better decision-making.
- You can also click on the vertical ellipsis icon to the right of the Export button to proceed to customize the grid view columns.
- Click on the right arrow icons against the collapsed column groups to expand them and reveal the columns belonging to each group. The columns which are already in display appear as pre-selected. Make the necessary checkbox selections according to your preference.
- Click on the Save button to apply the changes to the grid columns' visibility.
Fig: 38 - Icon to load Incident Attributes modal window
A modal window titled as Incident Attributes loads with two column groups labeled as Incident Details and AI Response in a collapsed state. The numerical values within the parentheses (to the right of the column group labels) indicate the number of columns already in use for the Incident Management page's grid view display.
Fig: 39 - View of the loaded modal window
Fig: 40 - Viewing and selecting the column checkboxes
Fig: 41 - Customizing the grid columns visibility
2.5. Using the pagination options
When working through a large number of incident reports, the pagination controls at the bottom of the page make your experience far smoother. Once your preferred view is set, navigation becomes a breeze. The provided options help keep things tidy and manageable, all while keeping you in full control of how much incident data you see at a time.
Pagination options are provided at the bottom.
- By default, 10 incidents get listed in the page. The page items count at the bottom-left can be set to either one of the following options - 10, 25, 50 or 100.
- Use the arrow icons or the page numbers at the bottom-right to navigate through multiple pages of entries; each page populates the grid view with the selected count of items per page.
Fig: 42 - Incident Management page pagination options