TSFA Incident Overview

TSFA Incident Overview

The TSFA Incident Overview provides a centralized view of all TSFA Security incidents detected across your fleet. It enables administrators to monitor and export events efficiently from a single, organized workspace.

Prevalence Incidents Tab

To strengthen security visibility, TSFA uses a prevalence model to identify rare or low-frequency device events across your fleet. It detects anomalies such as unusual firmware updates, BIOS password changes, or long-inactive devices—highlighting potential risks that may require manual verification.

The model runs automatically each night, analyzing the previous day’s device activity. It calculates event frequency across your device fleet and determines whether an incident qualifies as low frequency based on your organization’s configured thresholds.

Go to Device Insights > TSFA Security and select Prevalence Incidents.

Only events identified as low frequency—those occurring on a small percentage of devices—are flagged and displayed.

Within the Prevalence Incidents, you will find three sub-tabs:
  1. Last 24 Hours
  2. Last 7 Days
  3. Last 30 Days
Each sub-tab displays incidents that were flagged as low frequency within the selected timeframe. For more information, read Setting Up Prevalence Incident Thresholds.

Incident Prevalence Widget on Dashboard

  1. Navigate to the Dashboard
  2. Locate the Prevalence Model Summary widget.
    This widget provides a quick summary of prevalent incidents. It includes a dropdown menu that allows you to select a time range: Last 24 Hours (default), Last 7 Days, or Last 30 Days

Incident Device Tray

When you select an Incident from the list, the Incident Tray appears on the right side of the screen. The tray displays key information about the incident along with a detailed Log.

Inspect Device: This feature is available from the three-dot menu. Selecting it redirects you to LDO > Device Insights, where a detailed view of the selected device is displayed. For more information read Managing Devices in Device Management.

Exporting a List of Incidents

To export a list of incidents in .CSV format:
  1. Click Export icon
  2. Click Yes to confirm. 
  3. Save the file to your computer.



    • Related Articles

    • Setting Up Prevalence Event Thresholds

      Org Admins can configure Prevalence Event Thresholds to control how prevalent issues are identified. Values must be between 0.01% and 99.99%, with up to two decimal places. If no decimal is provided, the value is treated as a whole number. Trailing ...

    • Using the Dashboard in LDO

      The Dashboard is the home page of Lenovo Device Orchestration, providing an at-a-glance overview of the devices in your organization and related information. It consists of multiple widgets, each representing a different category of device ...

    • TSFA Security Event Log Reference

      This document provides a structured overview of key security-related incidents logged by ThinkShield Firmware Assurance. Events are categorized based on their nature, severity, and potential impact. Each event includes a brief description, its ...

    • Managing Devices in TSFA

      Please refer to the following article: Managing Devices.

    • Onboarding Chrome Devices in TSFA

      Please refer to the following article: Onboarding Chrome Devices.