Incidents
MDATP and Incident Handling
Hi! We do security incident handling based on incidents in MDATP. But we find it troublesome that an incident can contain several computers. The fact that alerts tied to the same computer end up in one incident is great, but when you start handling these cases it gets messy real fast if there are 28 computers in one MDATP Incident. I would like the option in MDATP for Incidents to be limited to one machine. Thoughts?