Incidents

Overview

The Incidents section of the Incident Portal is a comprehensive area where users can view and manage all security incidents within their environment. This includes incidents reported by users as well as potential threats identified by our Security Information and Event Management (SIEM) system.

Key Features

  • Incident Dashboard: A real-time view of all current and past incidents, providing a high-level summary of each event, its status, and priority.
  • Incident Details: Click on any incident to access detailed information, including the incident timeline, affected systems, and remediation steps taken or recommended.
  • Automated Alerts: Receive notifications for new incidents detected by the SIEM, ensuring that you are informed of potential threats as they arise.
  • Reporting: This section is not for creating reports, but it provides a summary and analysis of incidents that can be referenced in monthly security reports.

User Actions

  • Access the Incident Dashboard: Upon logging into the Incident Portal, navigate to the Incidents section to see an overview of all incidents.
  • Review Incident Summary: The dashboard will display a list of incidents with key information such as date, status, and category.
  • Filter and Sort: Utilize filters to view incidents by date range, status (open, in progress, closed), or severity to easily find specific incidents.

Managing Incidents

  • Incident Selection: Click on an incident to view more detailed information.
  • Investigate: Access logs, related alerts, and other relevant data within the incident details to understand the context and impact.
  • Action: Follow the provided guidance or steps for remediation and update the incident status accordingly.

Communication

  • Collaboration: Use the built-in communication tools to collaborate with your security team and other stakeholders directly within an incident’s details page.
  • Updates and Notes: Add updates or notes to an incident to document actions taken and share information with team members.

Best Practices

  • Regularly check the Incident Dashboard for updates on current incidents.
  • Ensure that all incidents are updated with the latest actions taken for accurate tracking.
  • Use the communication features to maintain clear and consistent communication among all parties involved in incident resolution.