Rollup Framework for MSIM
Extends the capability of linking the source records from Major Security Incident Management workspace.
Overview
Rollup Framework makes the rollup flow configurable and extendable. Use this framework model to configure the information, which can be rolled up to a Major Security Incident.
Earlier, sn_msi.workspace_manager was able to link the security incidents and vulnerable items which were proposed or promoted as MSI. After linking the security incident or vulnerable item, the information was then rolled up to a major security incident. The type of information needed to be rolled up was hard-coded in the scripts.
You can use the framework model to configure the rollup flow, which supports the following features and also addresses the existing issues in the application:The rollup framework model enables the sn_msi.workspace_manager with the following benefits to:
- Add or remove the linking, propose, or promote MSI record capabilities on any table, which extends the task table.
- Control the type of information to be rolled up to MSI while performing actions such as link/propose/promote on the incident records.
- Support linking, propose, or promote for Security Incidents, Remediation tasks, and Security Cases Out of the box (OOTB) both from the classic environment and Major Security Incident Management workspace.
| Name | Description |
|---|---|
| Linked Record Configuration | Stores the information of task tables which can be used to link/promote/propose to Major Security Incident. |
| Rollup Record Configuration | Captures the information which can be rolled up from task table when link/promote/propose actions are performed. |
| List Layout Configuration | Controls the labels and list layout for various tables as shown in the Major Security Incident Management workspace tabs such as Incident Impact, Linked Records, and Threat Intelligence. |