14. Incidents

The Incidents section provides access to the functionality of UserGate Log Analyzer's built-in IRP (Incident Response Platform) system. An incident is a cybersecurity event or a set of cybersecurity events needing investigation. UserGate LogAn allows you to customize the incident investigation process to the needs of a specific company. (For more details, see the section Incident Settings).

The IRP system is tightly integrated with the SIEM system whose functionality is available in the Analytics section. In the Analytics section, you can set incident creation as a response action, thereby automating the process of cybersecurity incident creation (for more details about configuring response actions, see the section Response Actions).

Besides the automatic mode of creation, incidents can also be created manually by a cybersecurity engineer (for more details, see the section Creating Security Incidents).