Context Hub: Configure Responses Dialog

Document created by RSA Information Design and Development on Apr 20, 2016
Version 1

This topic describes the functions and features of the Configure Responses dialog for Incident Management and ECAT data sources.

In the Context Hub Services Config view > Data Sources tab, you can configure the responses for Incident Management and ECAT data sources. 

Related procedures are available in the following topics:

To access this dialog:

  1. In the Security Analytics menu, select Administration > Services.
    The Services view is displayed.
  2. In the Services panel, select the Context Hub service and click the settings icon (settings.png) > View > Config.
    The Services Config view of Context Hub is displayed.
  3. Select the data source (Incident Management or ECAT) for which you want to configure the responses and click the icon (ic-actns2.png) in the Actions column.

Configure Incident Management Responses Dialog

The types of responses for the Incident Management data source are Incidents and Alerts. The following figure shows the Configure Incident Management Responses dialog.

[Figure: Configure Incident Management Responses dialog (F-Conf-IM-resp.png)]

The following table describes the features of the Configure Incident Management Responses dialog.

Feature | Description
Enable | Determines whether the selected response type is enabled for the data source and whether its lookup results appear in the Context Lookup panel displayed in Investigation views. The default setting is enabled.
Limit | The maximum number of records (incidents or alerts) to be displayed in the Context Lookup panel of Investigation views when context lookup is performed. The default value is 50.
Query Last | The duration (in days) for which the contextual information of the selected response type must be fetched. The default value is Last 7 Days.
Use Cache | Determines whether response caching is enabled. When enabled, Context Hub stores the lookup results in cache. Subsequent requests for the same meta value are served from cache for the configured time (Cache Expiration).
Cache Expiration | The time (in minutes) that the lookup results are stored in cache after Context Lookup is performed. The default value is 30 minutes.

Configure ECAT Responses Dialog

The types of responses for the ECAT data source are Modules, Machines, and InstantIOCs. The following figure shows the Configure ECAT Responses dialog.

[Figure: Configure ECAT Responses dialog (F-Conf-ecat-resp.png)]

The following table describes the features of the Configure ECAT Responses dialog.

Feature | Description
Enable | Determines whether the selected response type is enabled for the data source and whether its lookup results appear in the Context Lookup panel displayed in Investigation views. The default setting is enabled.
Minimum IIOC Score [For Modules only] | The minimum IIOC score for fetching contextual information of ECAT modules. Contextual information is fetched for ECAT modules whose IIOC score is greater than or equal to the configured minimum score. The IIOC score for ECAT modules ranges from 0 to 1024, where 1024 is considered critical. By default, the minimum IIOC score is set to 500.
Use Cache | Determines whether response caching is enabled. When enabled, Context Hub stores the lookup results in cache. Subsequent requests for the same meta value are served from cache for the configured time (Cache Expiration).
Cache Expiration | The time (in minutes) that the lookup results are stored in cache after Context Lookup is performed. The default value is 30 minutes.