The Incidents module in Security Analytics provides an easy way to track the incident response process. The incident management solution lets you:
- Track incident response in a consistent way.
- Automate the process of creating actionable security incidents from incoming alerts.
- Provide business context and investigational tools to help the team discover the root causes.
- Track the remediation process in an automated way by integrating with a third-party help desk system.
Most investigations are carried out within the Security Analytics interface, where you can create and track remediation tasks, but Security Analytics also has the following options:
- Integration with a third-party ticketing system that enables you to escalate remediation tasks for the Operations target queue as tickets.
- Integration with RSA Archer that enables you to escalate remediation tasks for the GRC target queue as Findings or to report data breaches and trigger the breach response process in the RSA Archer Security Operations Management solution.
The following figure depicts various ways in which you can track the incoming alerts and accomplish the incident management process.