You can automate parts of the incident management workflow to reduce manual intervention. You can create and manage the users and user permissions required to investigate incidents, and create aggregation rules that group alerts according to specified criteria and create incidents automatically. The incidents created this way are then investigated as described in Incident Management Process.
The following list shows the procedures for automating the incident management process:
- Add users with the permissions required to investigate assigned incidents. For more information, see Manage Users with Roles and Permissions in the System Security and User Management guide.
- Configure Notification Settings to send email notifications once the incidents are created and go through various stages of incident
- Create an Aggregation Rule to group alerts into incidents depending on the criteria set.
- Set a Retention Period for Alerts and Incidents.
- Obfuscate Private Data: Hash values for meta keys that contain sensitive data such as hostnames, usernames, and IP addresses.