Incident Details

The following table describes the basic information Workbench provides about incidents.




The score that Trend Vision One assigns to the incident based on the aggregate scores from related alerts

Incident ID

A unique identifier for the incident

Incident name

The name of the incident

Last updated

The date and time Trend Vision One last updated the incident and the last update status

  • New alert correlated: An alert has been correlated and associated with the incident

  • Incident merged: Trend Vision One created the incident by merging multiple incidents

  • Alert unlinked: One or more alerts were manually unlinked from the incident

  • Alert linked: One or more alerts were manually linked to the incident

  • Older alert data no longer available: One or more alerts older than 180 days have expired and were removed from the data log

Associated alerts

The total number of related alerts and the number of active alerts associated with the incident


An alert can only be associated with one incident.

Impact scope

The number of entities that the incident affects within the company network


The date and time Trend Vision One generated the incident


The Trend Vision One accounts in your organization assigned to the incident

The following table describes the alert information displayed on the alert details screen.



Alerts (Incident View)

Detailed information about the incident and the list of alerts included in the incident.

Incident Timeline

Displays the timeline of the incident, and the root cause, lifecycle, and impact scope of an incident.

Impact Scope

The list of entities affected by the incident.

Highlighted Objects

The list of highlighted objects from the associated alerts. Trend Vision One analyzes highlighted objects to correlate alerts.

  • You can select one or more highlighted objects and choose a response action to take on the objects.

  • Gmail only supports the "Delete Message" response action.