Manage NGFW Incidents

Table of Contents

Filter

Expand All | Collapse All

Next-Generation Firewall Docs

Getting Started
Administration
Version
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
Networking
Version
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
Incidents & Alerts
Release Notes
Version
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)

Alerts Raised by Leveraging Machine Learning

View Incident Details

Manage NGFW Incidents

Learn how to manage the AIOps for NGFW incidents.

Where Can I Use This?	What Do I Need?
NGFW, including those funded by Software NGFW Credits	One of these: AIOps for NGFW Free or Strata Cloud Manager Essentials AIOps for NGFW Premium or Strata Cloud Manager Pro

Get a birds-eye view of the NGFW incidents by selecting Incidents & AlertsNGFWAll Incidents. Explore the incidents page to keep you informed about changes in your deployment so that you can investigate them and take preventive actions if necessary. You have direct access to a detailed list of incidents alongside critical visual summaries. You can also Hide Summary to hide the widgets and only view the incidents in a tabular format.

Here’s the data shown under All Incidents.

Incidents: Displays all the incidents.

In this table, you can perform the following tasks:
- Hide Summary to hide the widgets and only view the incidents in a tabular format.
- Expand an incident to view its description and impact.
- Under Actions, you can perform the following actions:
  - Assign an incident to a user, yourself, or unassign an incident.
  - Change Priority of an incident or select Not Set to remove the priority.
  - Acknowledge an incident by selecting Yes, which confirms you have seen the incident.
  - Suppress sets an incident to an operational status of "On Hold" when you don't plan on resolving it actively.
  - Add Comment for an incident.
- Click an incident to view its details.
- Use Column Settings to view or hide specific columns for incidents and rearrange the default order of the columns. These changes will persist in the future sessions.
ASSIGNED TO: Displays the number of incidents by the person or entity who has the task of resolving them. At the top, it shows the incidents assigned to the current logged in user and the unassigned incidents. You can also view the numbers of incidents BY CATEGORY by selecting it in the drop-down list.
BY SEVERITY & COUNT (TOP 10): Displays the incidents categorized by severity, along with the count of incidents in each category. Critical incidents are prioritized first, followed by warning incidents, and then informational incidents.
BY STATUS: Displays the total number of incidents by status.
- New indicates the incidents that have been unassigned.
- Assigned indicates the incidents that have been assigned to a user.
- In Progress indicates that the incident is being worked upon.
- On Hold indicates that you don't plan on resolving an incident or incident actively.
- Closed indicates the closed incidents during the last 30 days.
- Inconclusive indicates that there is no solution for these incidents.
BY SEVERITY: Displays the total number of incidents categorized as Critical, Warning, and Informational.
BY PRIORITY: Displays the incidents according to their priority with P1 being the most severe.