Viewing and Setting Incident Severity Levels

About Incident Severity

Each incident, issue, or event on ThinkShield Firmware Assurance (TSFA) is assigned a Severity Level, which indicates the level of importance and suggests potential actions needed for a specific device. These severity levels aid in distinguishing between detected issues, enabling administrators to prioritize their tasks for resolution. 

The severity level is assigned based on the status and event type detected. Any event classified as Normal severity is considered current and thus not displayed on an Incident page.

Severity scale: 

1. Normal: expected event, not an incident, no action required. 
2. Low: unexpected incident with little impact. 
3. Moderate: unexpected incident with a higher impact. It is also a default severity level that gets assigned to any new event/status that is not known to the system. 
4. High: unexpected and serious issues. By default, these are any kind of intrusions and security violations.
   
   

Viewing Severity Levels

I.  Navigate to Incidents. The table shows the list of current incidents and detailed information.

Sort and Filter by Severity:

1. Click the arrow next to the Severity label. Click the downward arrow to sort from Low severity, or the upward arrow to sort from High severity. 
2. To use the Filter:
   
1. click Filter.
   
2. Select one or more Severity from the left pane, then check the corresponding checkboxes for the severity level(s) you wish to use for sorting.
   
3. Click Apply.
   

II.  Open the Incident tray and select an Incident from the list. The Device tray shows its status in the top right corner.

III.  Use Device Lookup.

1. Navigate to Device manager > Devices.
   
2. Select the device associated to a specific incident.
   
3. In the Device tray, click the three-dot menu from the top right corner.
   
4. Select Inspect.
   
5. On the right section, the Events Log displays the list of events associated to the device.
   
6. Each event is followed by a red icon; hover the cursor over the icon to see the severity level.
   
   

Setting Severity Levels 

Since each organization has unique priorities, Org and IT Admins can override the severity levels set by the Solution Admin specifically for their organization.

1. Go to the top right corner of the Portal, click on the arrow icon, and select Organization Settings.
2. Select the Incident Severity tab.
   The list of incident types and statuses is presented, with each incident type assigned a severity level, set by the Solution Admin to Lenovo as a recommended option. Therefore, the severity is indicated followed by the word default within brackets.
3. To change a severity level for an Incident Type simply click the arrow and select another value from the dropdown list. Repeat as necessary.
4. Click Save.

You can always go back to default settings set by the Solution Admin. To do this in bulk, select Reset all to default. A warning message will prompt you to confirm the operation.

All changes will be applied to past and future events.

Viewing Severity Distribution across the organization

1. Navigate to the Dashboard.
2. Scroll the page to Severity Distribution. The widget shows all incidents within the organization classed by their severity. 
   

The legend is interactive and contains a redirect link to the Incident table filtered by Severity.

• Related Articles

• Setting Incident Notifications

  Incidents This feature allows users to customize their alert preferences based on the severity level of incidents: Low and higher, Moderate and higher, or High only. When an incident matches the selected severity level, users are promptly notified ...

• Viewing Incidents Report

  To access this report, navigate to the Incidents section. Here, you'll find a comprehensive list of all recorded incidents, including any issues or errors identified based on criteria set by the IT Admin. Incidents are a specific type of event that ...

• Using the Dashboard

  The Dashboard displays data from the entire fleet of devices through various graphs, bar charts, and visual elements, helping users quickly grasp trends and key metrics. As the landing page, it is the first interface users see when accessing the ...

• Setting Up Data Defense

  After completing the installation and activating your account, you can proceed to set up Data Defense. Log in to your account and follow the on-screen wizard, which will guide you through: Setting up a Secure Drive (if available). Configuring folder ...

• About Events and Incidents

  This document provides a structured overview of key security-related incidents logged by ThinkShield Firmware Assurance. Events are categorized based on their nature, severity, and potential impact. Each event includes a brief description, its ...