I'm curious to see if anyone is really using the Incident Management module within NetWitness. I personally find it a little lacking in most posts but we want to start to use it to better manage incidents.
We don't use Archer but I wondered if it could be used in conjunction with something like Jira.
Thanks.
Hi Jeremy,
We use it quite a bit but maybe in a different way than you are hoping. We use it to alert us to the IoCs we are alerting on for further investigation and the details of that investigation. Should we require action from a team outside of the security operations, we create a remediation ticket within NetWitness Incident Management with the external Ticket Number for reference and then use the Incident/Change management system the rest of IT uses. As with most investigations, some lead to action, some stay within the team, and some are false positives, etc. So we use it to do our internal team investigations, document what we've found and then pivot to our enterprise system to request input or work from other teams.
I've never used it with Jira.
Hopefully that helps and partly answers your question.
Regards,
Kyle