Incident Management: Automate the Incident Management Process

Document created by RSA Information Design and Development on Jul 27, 2016. Last modified by RSA Information Design and Development on Jul 27, 2016.
Version 2

This topic describes the processes that you can automate to create an easy workflow for Incident Management.

You can automate the workflow to avoid manual intervention wherever required. You can create and manage the users and user permissions that are required to investigate incidents, and create aggregation rules that group alerts according to specified criteria and create incidents automatically. The incidents created are then investigated as described in Incident Management Process Flow.

The table below lists the various procedures followed for automating the incident management process.

                                
| Tasks | Reference |
|-------|-----------|
| 1. Add a user with the required permissions to investigate assigned incidents. | Refer to Manage Users with Roles and Permissions in the System Security User Management Guide. |
| 2. Configure Notification Settings to send email notifications when incidents are created and as they go through the various stages of the incident management workflow. | Refer to Automate the Incident Management Process. |
| 3. Create aggregation rules to group alerts into incidents depending on the criteria set. | Refer to Create an Aggregation Rule. |
| 4. Specify how long to retain alerts and incidents before they are deleted. | Refer to Set a Retention Period for Alerts and Incidents. |
| 5. Hash values for meta keys that contain sensitive data such as hostnames, usernames, and IP addresses. | Refer to Obfuscate Private Data. |