Incidents

  • Incident Dashboard: Provides a real-time overview of all incidents, categorized by service type—whether they are alerts from the Live Alerting service or actively managed incidents under Managed Incident Response. Each incident is clearly labeled with its status, priority, and the service handling it.

  • Incident Details: For both services, you can click on any incident to access comprehensive details. For Live Alerting, this includes the detected activity and recommended next steps. For Managed Incident Response, you’ll find a detailed timeline, affected systems, ongoing remediation steps, and status updates as the incident progresses.

  • Automated Alerts: Receive real-time notifications of new incidents, tailored to your selected service. Alerts for Live Alerting focus on detected activities that require your IT or SOC team’s immediate attention, while alerts under Managed Incident Response are continuously updated to reflect the incident's current status and actions taken by SecureIST.

  • Reporting: Although this section is not intended for generating reports, it offers summaries and analyses of incidents that are particularly useful when compiling monthly security reports. This is critical for Managed Incident Response incidents, where detailed logs of actions taken are needed for compliance and audit purposes.

User Actions

  • Access the Incident Dashboard: After logging into the Incident Portal, navigate to the Incidents section to see a categorized overview of all incidents based on your service level.

  • Review Incident Summary: The dashboard displays incidents with essential details, including the incident type (alert vs. managed), status, and severity.

  • Filter and Sort: Use filters to view incidents by date range, status (open, in progress, closed), severity, or service type, allowing you to prioritize your review process.

Managing Incidents

  • Incident Selection: Click on an incident for more detailed information. In the case of Live Alerting, review the detected activity and follow the recommended actions. For Managed Incident Response, follow the ongoing updates and remediation steps.

  • Investigate: Access logs, related alerts, and contextual data within the incident details to understand the full impact. This is especially critical for Managed Incident Response, where a deep investigation is part of the service.

  • Action: For Live Alerting, take the recommended actions and update the incident status accordingly. For Managed Incident Response, SecureIST’s team handles the remediation, and you’ll be kept informed of progress and outcomes.

Communication

  • Collaboration: Use the built-in communication tools to coordinate with your security team and SecureIST experts. This feature is vital in Managed Incident Response, where effective incident management depends on collaboration between your internal team and SecureIST.

  • Updates and Notes: Document actions taken and share information directly within an incident’s details page, ensuring that all relevant stakeholders are informed.