Generate closure notes for a security incident with Now Assist for Security Incident Response
Automatically generate a draft of the closure notes for a security incident when you close it. The draft is editable and will be reviewed prior to closing the security incident, and it can be used or modified as needed. Closure notes provide information about the resolution of a security incident to other analysts, managers, and key stakeholders.
Before you begin
Roles required: sn_si.analyst, sn_si.manager or sn_si.basic
If the Close code or Close notes fields are already updated for a security incident, Now Assist will not modify these fields, regardless of the incident’s current state. To enable Now Assist to update these fields, ensure that both the Close Code and Closure Notes fields are left blank.
Procedure
-
Close the security incident.
Option Description Close the security incident in legacy Core UI16 - Change the State field to Closed.
The stepper modal is displayed.
- Review each step and select Next.
- Select Provide resolution details.
- Click on the Close notes section and use the Now Assist Context Menu (NACM) to generate the resolution notes. The close notes will be auto-generated if no
text exists, or you can modify the existing text as needed by choosing the required option from NACM.Note:You might want to review the generated text and make sure it's accurate before you close the security incident. Edit the notes or delete them to provide your own. You can also Elaborate or Shorten the generated text.
- Select the required option from the Now Assist Context menu. Elaborate will help you to elaborate the text and replaces the selected resolution text. In case, if you wish to shorten the resolution text you can select Shorten option from the Context menu to make the text more concise.
- Update the Close code and select Close incident.
The resolution summary is displayed in the Resolution Information section on the security incident record.
Close the security incident from the Security Incident Response Workspace - On the Details tab of the workspace, change the State field to Closed.
The stepper modal is displayed.
- Review each step and select Next.
- Select Provide resolution details
- Click on the Close notes section and use the Now Assist Context Menu to generate the resolution notes. The close notes will be auto-generated if no text
exists, or you can modify the existing text as needed using the NowAssist options.Note:You might want to review the generated text and make sure it's accurate before you close the security incident. Edit the notes or delete them to provide your own. You can also Elaborate or Shorten the generated text.
- Select the required option from the Now Assist Context menu. Elaborate will help you to elaborate the text and replaces the selected resolution text. In case, if you wish to shorten the resolution text you can select Shorten option from the Context menu to make the text more concise.
- Update the Close code and select Close incident.
The resolution summary is displayed on the Details tab on the security incident record in the workspace.
Note:Using the Now Assist Context menu, you can directly add or generate the resolution notes in the Close notes section on the incident record itself, when the incident is in the Review state. For more information, see the screen shot below.
The following screen shot depicts the resolution notes generated for closing the security incident in Core UI16.
Auto-generated resolution notes from the Security Incident Response Workspace.
Edit the resolution notes generated using the Now Assist context menu on the Security Incident Response workspace.
- Change the State field to Closed.