incident manager

a comprehensive solution dedicated to the life cycle management of incidents

The Incident Manager module is a comprehensive solution dedicated to the lifecycle management of incidents spanning areas of information security, IT infrastructure, abnormal user behaviors, and business process errors.

Its primary role is to capture crucial events as incidents, streamlining the organization and offering tools to manage identified incidents.

Incidents can be generated automatically by specific rules or correlation queries, created by manual entry, or triggered automatically by shifts in the metrics or indicators of the Asset-Service-Model.

key features

The first thing we will focus on is the Incident Manager module, which collects the triggers of correlation rules. This ensures that all potential incidents are captured and brought to your attention for further analysis and action.
The primary role of the module is to capture critical events as incidents. This simplifies organizational processes and offers robust tools to manage identified incidents, ensuring that important security and operational events are never overlooked.
The Incident Manager seamlessly integrates with the Asset-Service-Model, enabling automatic incident generation based on changes in metrics or indicators. This deep integration enhances the analysis of incidents, providing a more comprehensive view of security and operational events.

customizable incident cards

Customize incident cards with custom fields to tailor incident management to your organization's specific requirements. This flexibility ensures that you capture the right data for thorough incident analysis.

customizable workflows

Tailor workflows to match your organization's unique incident management needs, allowing for flexibility in response strategies.

aggregation functionality

Its main purpose is to group a series of incidents and process them as a group according to specified rules.

How to aggregate incidents? You can configure rules that share the same incident detection logic and group them, for example, based on the value of a certain field (e.g., by user and host). You can also set up more complex grouping rules, for example, combining several incidents of different types based on a combination of fields.

Aggregations also offer additional settings for forming groups flexibly.

ad-hoc actions

This approach allows the operator to initiate actions while investigating an incident. The operator opens the incident card and presses the corresponding button, and the action is then carried out (sending a notification, creating a ticket, running a script with any necessary logic).

Ad-hoc Actions can also be configured to apply to specific types of incidents: certain types of actions will be available for some incidents, while others will have different options. You can also set up a role-based model: certain operators will have access to actions, while others will not. This functionality is available not only for individual incidents but also for aggregations.

Leave comments during the investigation process, facilitating collaboration among incident response teams and maintaining a detailed record of actions taken.

Easily track the work of responsible parties, ensuring that incidents are assigned, monitored, and resolved efficiently.

Workflow automations reduce manual intervention, increasing response efficiency and minimizing human error.
