Module Incident Manager

Overview

The Incident Manager module is designed for tracking important events and the resulting actions of correlation rules. It lets you prioritize incidents according to their criticality level and manage them accordingly.

The following functional capabilities are presented on the module dashboard:

  1. Incident Management
  2. Detailed Incident Description
  3. Incident Statistics
  4. Incident Change History

Main Dashboard of the Module

Description of Each Incident Field

Each incident in the system contains the following main fields:

Date and Time:

  • The date and time when the incident occurred.

Severity:

  • Displayed as a circular icon of a certain color, indicating the severity level of the incident.

Possible values:

  • Alert: 🔴 Red
  • Warning: 🟡 Yellow
  • Information: 🟢 Green

Incident:

  • A brief description of the event that triggered the incident.

Status:

  • The current status of the incident, reflecting its state in the process.

Possible values:

  • New - a new incident received in the Incident Manager; work on the incident has not started yet
  • In Progress - the incident is being worked on
  • Verification - approval is in progress, either of the work required to resolve the incident or of the possibility of closing the incident after its resolution
  • Rejected - the incident is postponed until the cause of rejection is resolved
  • Closed - work on resolving the incident is completed; the incident is closed by agreement

Assignee:

  • The employee or group of employees responsible for resolving the incident.

Note!

For each incident, a card is available where you can track the entire history of changes and statuses, as well as comments.

Workflow - Active Actions

  • Primary actions can affect incident parameters
  • They are divided into system and user actions

Note

User actions can be implemented in Node.js / Python.