Using Now Assist for Security Incident Response to close security incidents

  • Release version: Xanadu
  • Updated January 6, 2025
  • 1 minute to read

    • Security analysts can close security incidents quickly from within their flow of work with the generative AI skills supported by Now Assist for Security Incident Response.

    Overview of Now Assist for Security Incident Response

    With generative AI skills with Now Assist for Security Incident Response, your security analysts have the option to:

    • Summarize security incident details and review the context quickly in a concise, easy-to-read format.
    • Generate closure (resolution) notes.
    • Generate recommended actions for a security incident
    • Generate post incident analysis data
    • Generate performance metrics for your remediation teams.

      This skill is activated for use with an AI agent. See Analyze security operations metrics agentic workflow for more information.

    • Generate correlation insights to speed up incident investigation.

    Security managers and analysts can request security incident summaries and closure notes from the following locations:

    • Security incident records
    • Security Incident Response Workspace
    • The Now Assist panel.
      Note:
      The security incident recommended actions and post-incident analysis skills are not available from the Now Assist panel.
    Security managers and analysts can generate recommended next steps and post-incident analysis data from the following locations:
    • Security incident records
    • Security Incident Response Workspace

    Security managers and analysts can create remediation tasks from generated recommended actions only from security incidents in the Security Incident Response Workspace.

    1. Summarize a security incident with Now Assist for Security Incident Response

      Generate a summary for a security incident that includes the underlying issue, incident details, related lists data (observables), and key actions already taken.

    2. Generate recommended actions for a security incident with Now Assist for Security Incident Response
    3. Generate a post-incident analysis for a security incident with Now Assist for Security Incident Response
    4. Generate correlation insights with Now Assist for Security Incident Response
    5. Generate closure notes for a security incident with Now Assist for Security Incident Response

      Automatically generate the closure notes for a security incident.

    6. Request generative AI skills in the Now Assist panel for Now Assist for Security Incident Response

      Generate summaries and closure notes from the Now Assist panel.

      Note:
      The security incident recommended actions and post-incident analysis skills are not available from the Now Assist panel.
    7. Customize a Now Assist for Security Incident Response skill

      Customize the input fields of a skill to suit the requirements of your environment.