By default, read and write permissions are granted to all roles for a newly created view of Episode Review. To restrict permissions, see Modify analyst permissions within Episode Review in ITSI.

To update the display for various settings on the Episode Review dashboard, select the Settings button to open the display configuration modal.

Change the list display

You can change the following display settings on the dashboard:

• Table data: view the episodes or notable events on the dashboard

• Color by severity: each row is colored based on its severity

• List density: determines the amount of information displayed for each episode

• Hover to expand details: hover on each row to expand the episode row for more details

• Display count as: set the number value to display either the total number of notable events per episode, or only the number of unique alerts (events with the same event_identifier_string).

Add and remove columns and field data

Each row in Episode Review displays a default set of columns that represent field data. You can add, remove, or rearrange columns based on which fields are important to your investigation on the Fields and data tab. For example, you might add an All Tickets column to display any ticket linked to each episode.

Show or hide tabs

Manage the sequence of tabs that display on each episode on the Tab display tab. Set a default tab (first tab), and show or hide other tabs. You can also group events together that include a specific field.

Auto refresh period

Set the frequency of when episode data is refreshed on the dashboard.

Dashboard

The dashboard and timeline visualizations are now turned off by default. Update these settings on the Dashboard tab.

Collapse or expand side panel

Select Collapse list to hide the list of episodes on the left side panel.

Set a default view

Set a specific episode dashboard as your default dashboard. Either on the left side panel or on the Saved Episode Reviews page, select the Set as Default button in the actions menu.

By default, Episode Review displays episodes rather than notable events. Depending on what kind of issues your organization deals with, you might want to view individual notable events rather than episodes.

To change the episode view, click the gear icon and turn Episode View on or off.

By default, when you select an episode, the Impact tab is displayed in the details panel. Depending on the types of issues you're investigating, you might want to display a more relevant tab, such as the Events Timeline or Common Fields. You can modify the default tab that's selected on a per-dashboard basis. In other words, all episodes within that Episode Review saved view will have the same tab selected by default.

To change the default tab, select the Settings button and update the tab display.

After making the change, click through several episodes to make sure the default tab has changed.

The auto refresh rate determines how often Episode Review is refreshed to display new episodes and events. By default the refresh period is set to Off, which means it never automatically refreshes and you need to refresh your browser to update the dashboard. You can change the refresh period to 1 minute, 5 minutes, 30 minutes, 60 minutes, or 24 hours.

To change the refresh rate, select the Settings button and go to the Auto Refresh Period tab to set the time.

Each row in Episode Review displays a default set of columns that represent specific episode details: Title, Time, Owner, Severity, Status, and Description. You can add, remove, or rearrange columns based on which fields are important to your investigation. For example, you might add an All Tickets column to display any ticket linked to each episode.

To edit the field information displayed, select the Settings button and edit the Fields and data tab.