Attributes
Attributes are meant to associate numeric values with incidents. Good examples of attributes are:
- Financial loss associated with the incident
- Number of stolen credentials
- Duration of unavailability
In order to be able to use attributes, you have to add "Valid Attributes". For this, you can go to the administration panel, click on Add on the Valid attributes row. Here is a description of the creation form:
-
Nameis what will be displayed (ex:lossin the screenshot) -
Unit(optional) is the unit that should be used. This makes sure that every analyst uses the same unit. -
Description(optional) is if you want to explain the purpose of this kind of attributes. This is only displayed in the administration panel. -
Categoriesfor which this kind of attribute is available
When you have valid attributes defined, you can add an attribute using the action bar (at the bottom of the incident details page), by clicking on Add and then on Attribute.
Usage notes:
- By default, no valid attribute is defined. This means that you will not have the possibility to add any attribute to an event.
- When an unit is defined, any attribute you add to an incident will automatically be added to any matching attribute. For example, if you have an incident with an attribute
lossset to1000and you add anotherlossattribute with value500, your incident will only keep onelossattribute, with value1500.
All the attributes that you define on incidents can then be used to generate statistics using the Stats > Attributes page. This will show you the following form, where you can filter (or not) incidents you want to include in your statistics. You can also select which data you want to display as bars, and which attributes you want to display as lines.
This will display the following graph:
Below the graph, you will find a list of matching incidents, with the selected attributes' values.