Security Incidents integrates with security solutions such as FireEye, Fortinet, and Palo Alto Networks to correlate security alerts. Incoming information is normalized into a consistent security event format and provide additional information about the source hosts.
Security Incidents isolates restricts, or blocks compromised endpoints and reduces threat containment time by:
- Automating actions on an event based on policies.
- Providing information in security alerts.
- Prioritizing security events.
- Tracing a threat across IT domains and automating an action to minimize the threat containment time.
If you have not purchased the Security Incidents license you will not be able to access the Security Incidents features.