Incident Management: Create a Remediation Task

Document created by RSA Information Design and Development on Jun 26, 2017Last modified by RSA Information Design and Development on Jul 27, 2017
Version 2Show Document
  • View in full screen mode
  

When you have investigated an incident and have identified the cause, you can create a remediation task, assign it to a particular group and track it to closure.

Procedures

Create a Remediation Task

  1. In the Security Analytics menu, select Incidents > Queue.
    The My Incidents tab is displayed.
  2. In the My Incidents tab, double-click an incident.
    The incident details view is displayed.
  3. Under Remediation Tasks, click Icon-Add.png
    The New Remediation Task dialog is displayed.
    create_remediation_task.png
  4. Provide the following information:
    Name - Name of the remediation task.
    Description - (Optional) Type information that describes the remediation task.
    Priority - Select the priority for the task: Low, Medium, High, or Critical.
    Target Queue - Select the target queue depending on the type of the task: Operations, GRC, or Content Improvement.

    Type - Select a type for the task: Quarantine host, Quarantine Network Device, Block IP/Port, Block External Access to DMZ, Block VPN Access, Reimage host, Update Firewall Policy, Update IDS/IPS Policy, Update Web Proxy Policy, Update Access Policy, Update VPN Policy, or Custom. 
    Assignee - (Optional) Type the username of the user to whom the task is to be assigned.
  5. Click Save.
    The remediation task is listed under Remediation tasks.

Modify a Remediation Task

  1. In the Security Analytics menu, select Incidents > Queue.
    The My Incidents view is displayed.
  2. In the My Incidents view, double-click an incident.
    The incident details view is displayed.
  3. Under Remediation Tasks, double-click a remediation task.
    The remediation task details view is displayed.
  4. Click edit_rem_task.png.
    The Edit Remediation Task dialog is displayed.
    edit_remediation_dialog.png
  5. Modify the required fields.
  6. Click Save.

Note: Alternatively, you can click the parameter that you want to modify in the top panel and modify the value as required.

Previous Topic:Add a Journal Entry
You are here
Table of Contents > Incident Management Process Flow > Investigate an Incident > Create a Remediation Task

Attachments

    Outcomes