Create post incident review questionnaire categories

You can use the questionnaire categories that come with the base system or create your own categories.

Before you begin

Role required: sn.si_admin

About this task

To create a new category of questions:

Procedure

  1. Navigate to Security Incident > Post Incident Review > Review questions.
  2. Click New.
    A list of categories is displayed, along with their order and the filters that define under what conditions the questions are asked (for example, only when the security incident category is Criminal activity). Each category is a section in the post incident review questionnaire, and the questions in each category are included only when the security incident matches the Condition filter. For example, for a category of questions applying only to Linux servers, you would set up a filter that selects security incidents where the CI type is Linux Server. In that category, you would then create all questions needed when a security incident is on a Linux Server. You can use one of the categories supplied in the base system or create a new category. The procedure below assumes you want to create a new category before defining questions.
  3. Enter a Name for the new category. The name appears on security incident questionnaires.
  4. In the Filter area, enter the condition that determines when questions in this category should be used. If a security incident record matches this filter, the questions will be included in a post incident review for that security incident. Filters can use any data on the record, or on other records linked to this record; for example, the department of the requesting user’s manager.
  5. If desired, enter a Description that will appear on security incident questionnaires.
  6. Click Submit to save the category.