The following UI actions are displayed on the security incident form.
To navigate to the form UI actions:
1. Go to Workspaces > Security Incident Response Workspace.
2. Select any security incident from the list view.
All the UI actions are present in the top-right corner of the security incident form.
Table 1. Workspace Form UI actions

| Field Name | Description |
| --- | --- |
| Discuss | Create or start a sidebar discussion for the security incident. |
| Save | Save or update the Security Incident Response record after making any changes. |
| Create Response Task | Create a response task for the security incident. |
| Compose Emails | Compose emails for the security incident. |
| Add Playbook | Add the playbook manually for the security incident. |
| Create Incident | Create an incident within the security incident. |
| Create Customer Service Case | Create a customer service case for the security incident that will be tracked by the Customer Service Management (CSM) team. Note: This option is available only when Customer Service Management (CSM) is installed. |
| Open Associated Workflow(s) | Open any workflow context associated with the security incident. This option is visible only if there are any workflows. |
| Create Change Request | Create a change request within the security incident. |
| Create Problem | Create a problem within the security incident. |
| Create Outage | Create an outage within the security incident. |
| Calculate Severity | Calculate the severity of a security incident using predefined calculators. The severity is calculated based on the predefined rules in the calculators. The severity of an incident is based on the Risk score, Business Impact, and Priority. |
| Run EDR Profile | Select and run the EDR Profile for the required integration. Note: This option is available only when any integrations are installed. |
| Link to Major Security Incident | Link a security incident to a major security incident. |
| Report risk event | Report this security incident as a risk event to the Risk Management team. The Risk Management team analyzes the event and ensures that such events and the associated losses don't reoccur. Note: This option is available only when Risk Management is installed. |
| Unlink from Major Security Incident | Unlink the security incident from a major security incident. |
| Propose as Major Security Incident | Propose a security incident as a major security incident. |
| Promote to Major Security Incident | Promote a security incident to a major security incident. |
| Run Additional Action(s) on Endpoint | Run additional actions on the endpoint. Note: This option is available only when Endpoint integrations are installed, for example, FireEye HX. |
| Create a new Event in MISP | Create and modify events in MISP automatically or manually. Note: This option is available only when MISP integration is installed. |
| Associate MITRE ATT&CK Technique | Associate MITRE ATT&CK Techniques to the security incident. Note: This option is available when MITRE ATT&CK is installed. |
| Show MITRE ATT&CK info | Shows the MITRE ATT&CK information associated with the security incident. Note: This option is available when MITRE ATT&CK is installed. |
| Add to Security Case | Add the security incident to an existing or new security case. Note: This option is available when Threat Intel is installed. |
| Switch to Classic UI | Enable the analyst to switch between the classic and new UI so that the analyst can also work on the existing functionalities that aren't available in the new workspace yet. |
| Cancel | Cancel a security incident. After you select Cancel, all the related records, such as response tasks and child security incidents, are also canceled. |
| Delete | Delete a security incident record. |
Click a security incident number to view the security incident record. You can see the UI actions at the top of the page.