a comprehensive solution dedicated to the life cycle management of incidents
The Incident Manager module
The Incident Manager module is a comprehensive solution dedicated to the lifecycle management of incidents spanning information security, IT infrastructure, abnormal user behavior, and business process errors.
Its primary role is to capture crucial events as incidents, streamlining their organization and offering tools to manage the identified incidents.
Incidents can be generated automatically by specific rules or correlation queries, created manually, or triggered by changes in the metrics or indicators of the Asset-Service-Model.
Key features
Comprehensive incident collection
The Incident Manager module collects the triggers of correlation rules. This ensures that all potential incidents are captured and brought to your attention for further analysis and action.
Capture key events as incidents
The primary role of the module is to capture critical events as incidents. This simplifies organizational processes and offers robust tools to manage identified incidents, ensuring that important security and operational events are never overlooked.
Integration with the Asset-Service-Model
The Incident Manager seamlessly integrates with the Asset-Service-Model, enabling automatic incident generation based on changes in metrics or indicators. This deep integration enhances the analysis of incidents, providing a more comprehensive view of security and operational events.
Customizable incident cards
Customize incident cards with custom fields to tailor incident management to your organization's specific requirements. This flexibility ensures that you capture the right data for thorough incident analysis.
Customizable workflows
Tailor workflows to match your organization's unique incident management needs, allowing for flexibility in response strategies.
Aggregation functionality
The main purpose of aggregation is to group a series of incidents and process them as a group according to specified rules.
To aggregate incidents, configure rules that share the same incident detection logic and group the matching incidents, for example by the value of a certain field (such as user and host). More complex grouping rules can also be set up, for example combining several incidents of different types based on a combination of fields.
Aggregations also offer additional settings for forming groups flexibly.
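As an added illustration, not part of the product description and not the module's own code, here is a small Python model of the grouping logic described above: one rule groups incidents of a single type by host, another combines incidents of several types by the (user, host) combination. The incident records, rule names and field names are constructed for the example.

```python
from collections import defaultdict

# Constructed sample incident cards (not product data); each is a dict of card fields.
INCIDENTS = [
    {"id": 1, "type": "brute_force",     "user": "alice", "host": "srv-01", "severity": 3},
    {"id": 2, "type": "brute_force",     "user": "alice", "host": "srv-01", "severity": 3},
    {"id": 3, "type": "brute_force",     "user": "bob",   "host": "srv-02", "severity": 2},
    {"id": 4, "type": "priv_escalation", "user": "alice", "host": "srv-01", "severity": 5},
    {"id": 5, "type": "malware",         "user": "carol", "host": "ws-17",  "severity": 4},
    {"id": 6, "type": "malware",         "user": "dave",  "host": "ws-17",  "severity": 4},
    {"id": 7, "type": "phishing",        "user": "eve",   "host": "ws-02",  "severity": 1},
]


class AggregationRule:
    """Which incident types a rule applies to and which card fields form the group key."""

    def __init__(self, name, types, key_fields):
        self.name = name
        self.types = set(types)
        self.key_fields = tuple(key_fields)

    def matches(self, incident):
        return incident["type"] in self.types

    def key(self, incident):
        return tuple(incident[f] for f in self.key_fields)


# Hypothetical rules: a multi-type rule keyed on (user, host) is listed first so that
# a brute-force incident joins the attack-chain group rather than a single-type group.
RULES = [
    AggregationRule("attack-chain", ["brute_force", "priv_escalation"], ["user", "host"]),
    AggregationRule("malware-by-host", ["malware"], ["host"]),
]


def aggregate(incidents, rules):
    """Assign each incident to the first rule that matches it.
    Returns {(rule_name, key): [incident ids]}; unmatched incidents stay single."""
    groups = defaultdict(list)
    for inc in incidents:
        for rule in rules:
            if rule.matches(inc):
                groups[(rule.name, rule.key(inc))].append(inc["id"])
                break
        else:  # no rule matched: keep the incident as its own one-member group
            groups[("ungrouped", (inc["id"],))].append(inc["id"])
    return dict(groups)


def group_severity(incidents, member_ids):
    """Group-level processing example: the group inherits its highest member severity."""
    by_id = {inc["id"]: inc for inc in incidents}
    return max(by_id[i]["severity"] for i in member_ids)
```

Running `aggregate(INCIDENTS, RULES)` yields three groups (alice/srv-01 with incidents 1, 2 and 4; bob/srv-02; ws-17 malware) plus incident 7 on its own.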
Ad-hoc actions
Ad-hoc actions let the operator initiate an action while investigating an incident: open the incident card, press the corresponding button, and the action is executed (send a notification, create a ticket, or run a script with any required logic).
Ad-hoc actions can also be configured to apply to specific types of incidents: certain actions will be available for some incident types, while other types will have different options. You can also set up a role-based model, so that certain operators have access to an action while others do not. This functionality is available not only for individual incidents but also for aggregations.
Collaborative investigation
Leave comments during the investigation process, facilitating collaboration among incident response teams and maintaining a detailed record of actions taken.
Responsibility tracking
Easily track the work of responsible parties, ensuring that incidents are assigned, monitored, and resolved efficiently.
Automation for efficiency
Workflow automations reduce manual intervention, increasing response efficiency and minimizing human error.