Incident Workbench Access


Note: Please refer to the Incident Workbench Overview page to learn about Incident Workbench. This page details how to access the workbench in EventLog Analyzer.

  • Log fields you can click on to invoke the Incident Workbench:

    Users:

    • Username
    • Target User
    • VPN UserName
    • User Principal Name
    • Destination User
    • Sourceuser
    • Subject Username

    Process:

    • Process Id
    • Parent Process ID
    • Process GUID
    • Parent Process GUID
    • Process Name
    • Parent Process Name

    Domain analysis:

    • Domain
    • URL Site

    IP Analysis:

    • Source IP
    • Client IP Address
    • Server IP Address
    • Address
    • Destination IP
    • Remote Ip
    • Source Host Address
    • NAT Source Address
    • NAT Destination Address
    • Original Client IP
    • IP Address
    • Endpoint IP
    • Private Ip
    • Target Ip

    URL Analysis:

    • Payload URL
    • Object URL
    • URL

Invoking the Incident Workbench from different dashboards of EventLog Analyzer:

  • From Reports
  • From Log Search
  • From Alerts
  • From Compliance dashboard
  • From Correlation
  • From Incident management console

Note: Minimize the tab to access Incident Workbench while you traverse different pages in EventLog Analyzer. As long as you don't close the workbench, the analysis will be available even if you log out of EventLog Analyzer and log in again. You can also save it to an existing incident or create a new one.