FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
calvinc97
Staff & Editor
Article Id 407497
Description: This article describes how to resolve incident details not populating in FortiSIEM.
Scope: FortiSIEM.
Solution

Some incidents may show a blank details pane even though related raw events are available and can be searched from Analytics.

Incidents with detail:

[Screenshot: incident_with_detail.png]

Incidents with no detail:
Example: Incident triggered by PH_RULE_TO_FORTIGUARD_MALWARE_IP_Mizuho events does not display any incident details.

[Screenshot: incident_without_detail.png]

The incident detail pane is populated using:

  1. Triggered Attributes: Event fields selected in the Incident Rule configuration.

  2. Parser Output: Data parsed from the raw event and stored as attributes.

If none of the Triggered Attributes selected in the rule are populated by the parser for a particular event type, the incident details pane appears empty even though the raw event exists and is searchable from Analytics.

Workaround:

Add a populated attribute (Details) to the rule’s Triggered Attributes list:

  1. Navigate to Resources -> Rules.

  2. Edit the rule associated with the affected incident.

  3. Under Triggered Attributes, add Details (or any other populated attribute such as Message or Event Description).

  4. Save and apply the rule.

  5. Re-run the rule on historical data or wait for a new incident of the same type.

  6. Open the incident details pane; the relevant event information should now be displayed.
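The dependency described above, a rule's Triggered Attributes checked against what the parser actually populated, written out as a small audit script. This is an added example, not FortiSIEM or Fortinet code: the rule names, attribute keys (srcIpAddr, destIpAddr, user) and events are constructed, and only the event-type name is taken from the example earlier in this article.

```python
"""Added example (not FortiSIEM code): the incident detail pane shows only
those Triggered Attributes that the parser populated for the event, so a rule
whose selected attributes are all absent for an event type yields a blank pane.
Rule names, attribute keys and events below are constructed."""
from collections import defaultdict


def incident_details(triggered_attrs, parsed_event):
    """Attributes the pane would display: rule attributes the parser actually
    populated (missing or empty values are dropped)."""
    return {a: parsed_event[a] for a in triggered_attrs
            if parsed_event.get(a) not in (None, "")}


def audit_rules(rules, parsed_events):
    """Return {rule: [event types]} where every observed event of that type
    would produce an incident with an empty details pane."""
    by_type = defaultdict(list)
    for ev in parsed_events:
        by_type[ev["eventType"]].append(ev)
    blank = {}
    for name, rule in rules.items():
        attrs = rule["triggeredAttrs"]
        empty = [t for t in rule["eventTypes"] if by_type[t]
                 and all(not incident_details(attrs, e) for e in by_type[t])]
        if empty:
            blank[name] = empty
    return blank


def with_details_attr(rules, attr="Details"):
    """The article's workaround: add an always-populated attribute to each rule."""
    return {n: {**r, "triggeredAttrs": r["triggeredAttrs"] + [attr]}
            for n, r in rules.items()}


# Constructed data: the malware-IP rule selects only address fields, which the
# parser never emits for that event type; "Details" is populated for every event.
RULES = {
    "malware_ip_rule": {"eventTypes": ["PH_RULE_TO_FORTIGUARD_MALWARE_IP_Mizuho"],
                        "triggeredAttrs": ["srcIpAddr", "destIpAddr"]},
    "logon_failure_rule": {"eventTypes": ["Win-Security-4625"],
                           "triggeredAttrs": ["user", "srcIpAddr"]},
}
EVENTS = [
    {"eventType": "PH_RULE_TO_FORTIGUARD_MALWARE_IP_Mizuho",
     "Details": "FortiGuard malware IP match (constructed)"},
    {"eventType": "Win-Security-4625", "user": "alice",
     "srcIpAddr": "10.0.0.5", "Details": "logon failure (constructed)"},
]
```

Running `audit_rules(RULES, EVENTS)` flags the malware-IP rule for its event type, and the same call on `with_details_attr(RULES)` returns an empty dict, which is the state the workaround steps above produce.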

[Screenshot: incident_detail.png]
