The Incident Management tab lists incidents occurring in the organization.

This page lists the total number of incident records found, showing up to 50 records per page. To view additional records, use the pagination buttons at the bottom of the screen.

Four prompts are available from which you can filter the information to show incidents by these factors:

• time period (today, last 24 hours, week, month, or year, or a date period you specify),
• cloud (managed or unmanaged).
• severity (low, medium, or high)

• status (open, under investigation, or resolved)

  The incident management list provides the following information. Use the Column Filter at the upper right to show or hide additional columns.

  Column	What it shows
  Date	The date and time of the last known occurrence of the incident.
  Policy Violation	The policy that the incident violated.
  User Name	The name of the user for the incident.
  Account Name	The name of the cloud on which the incident occurred.
  Severity	The severity of the incident — low, medium, or high.
  Status	The resolution status of the incident — open, under investigation, or resolved.
  Subject	The text of the subject for the violating email.
  Recipient	The name of the recipient of the violating email.
  Actions	The actions that can be taken for this incident. Two icons are displayed. Quarantine -- If the policy that was violated has an action of Quarantine, this icon is enabled. When clicked, this icon takes the administrator to the Quarantine Management page. Activity Audit Logs -- When clicked, this icon takes the administrator to the Activity Audit Logs page. The Activity Audit Logs page shows the same data available on the Incident Management page, in a different format.

  You can use Search box to find information about a specific violation.