Each incident type has a layout. When building or customizing an incident layout, you want to display the most relevant data for analysts at all stages of the incident life cycle, from ingestion to remediation. For example, in the Investigation tab of the phishing layout, you can see information about the email (ID, subject, sender, etc.), the email text, attachments, the email image (using Rasterize), indicators, etc. In this section, we will review the phishing layout as it comes out of the box, create additional custom fields, and add fields to the phishing layout.