When you have investigated an incident and have identified the cause, you can create a remediation task, assign it to a particular group and track it to closure.
Procedures
Create a Remediation Task
- In the Security Analytics menu, select Incidents > Queue.
The My Incidents tab is displayed. - In the My Incidents tab, double-click an incident.
The incident details view is displayed. - Under Remediation Tasks, click
The New Remediation Task dialog is displayed. - Provide the following information:
Name - Name of the remediation task.
Description - (Optional) Type information that describes the remediation task.
Priority - Select the priority for the task: Low, Medium, High, or Critical.
Target Queue - Select the target queue depending on the type of the task: Operations, GRC, or Content Improvement.
Type - Select a type for the task: Quarantine host, Quarantine Network Device, Block IP/Port, Block External Access to DMZ, Block VPN Access, Reimage host, Update Firewall Policy, Update IDS/IPS Policy, Update Web Proxy Policy, Update Access Policy, Update VPN Policy, or Custom.
Assignee - (Optional) Type the username of the user to whom the task is to be assigned. - Click Save.
The remediation task is listed under Remediation tasks.
Modify a Remediation Task
- In the Security Analytics menu, select Incidents > Queue.
The My Incidents view is displayed. - In the My Incidents view, double-click an incident.
The incident details view is displayed. - Under Remediation Tasks, double-click a remediation task.
The remediation task details view is displayed. - Click
.
The Edit Remediation Task dialog is displayed. - Modify the required fields.
- Click Save.
Note: Alternatively, you can click the parameter that you want to modify in the top panel and modify the value as required.
Previous Topic:Add a Journal Entry
Next Topic:Send a Remediation Task as a Helpdesk Ticket
You are here
Table of Contents > Incident Management Process Flow > Investigate an Incident > Create a Remediation Task