Update Major Security Incident details
View and update specific details related to the major security incident such as Incident Record Details, Active Team participants, and the corresponding activity log.
All the related details of the major security incident are displayed in various form sections on the Details tab of the workspace, including the Incident Record Details, Active Team participants, and the corresponding activity log. You can also view the linked SIR incidents and Vulnerability Group record details, and broadcast an activity posting to all the linked incident records.
- Major Security Incident Form fields and incident-related UI sections.
- Activity stream
| Field | Description |
|---|---|
| Incident | |
| Number | Major security incident record number. |
| Primary state | The primary state of the major security incident record. |
| Detection Date | The date when the major security incident was first created or proposed. Whenever you modify the Detection Date on the Details tab, the date and time of the MSI is automatically calculated, refreshed, and displayed on the Overview section of the workspace. |
| Title | Title of the major security incident. |
| Code name | Code name for the major security incident. For example, Blue Tiger. |
| Next update on | The date and time of the next update for resolving the major security incident. For example, 5:00 pm EST on March 25, 2024. |
| Category | Category of the major security incident. |
| Sub category | Subcategory type of the major security incident. |
| Estimated resolution date | The estimated date by which the incident is expected to be resolved. The default value is 7 days from the time of the major security incident creation. |
| Priority | Priority of the major security incident. |
| Alert sensor | Alert sensor of the major security incident. For example, User Reported Phishing. |
| Source | Source of the major security incident. |
| Active Team | |
| Incident Manager | Name of the incident manager. |
| Assignment Groups | Indicates the different response teams and team members from each team who are actively working on the major security incident. |
| Candidate | |
| MSI candidate state | Indicates the major security incident candidate state such as proposed or promoted. If the incident is promoted, then the state is displayed as Accepted. |
| Promoted by | User who promoted the major security incident. |
| Promoted | Date when the major security incident was promoted. |
| Justification | Justification of the major security incident. The justification should include the MSI number and the code name. |
| Potential impact | The potential impact and severity of the major security incident. The Potential impact should include the MSI number and the code name. |
| Restriction | |
| Enforce restriction | Select this option to enforce restrictions on certain major security incidents. You can enforce restrictions to limit view or modify access to certain users or groups. For more information, see Restrict access to certain major security incidents. |
| Allowed members | List of users who can access the major security incident. |
| Allowed groups | List of groups that can access the major security incident. |
| Other actions | |
| Attachment | Any attachments related to the major security incident. Select Select option to add attachments to the incident. |
| Conference Call | Use conference calls with third-party service providers as a communication channel to meet with the stakeholders to resolve major security incidents. For more information, see Major Security Incident Management Conference Call Integration. |
Activity:
- Filters: Select the Filter sets icon to set filters.
  Set filters to view activity conversations such as activities added in the work notes, email, Timeline, and any additional comments.
- Flagged: Select the Flagged icon to flag the activities.
  Flag important activity conversations to keep them handy.