Set up Security Incident Response Prior to using Security Incident Response, perform steps to set up various parts of the system, including an administrator group and one or more security incident groups, SLAs, and severity calculators. Activate Security Incident ResponseActivate the Security Incident Response plugin and configure it based on the needs of your organization. This plugin is available as a separate subscription. Lock down security administration (optional)To protect investigations and keep security incidents private, you can restrict Security Incident Response access to security-specific roles and ACLs. Non-security administrators can be restricted from access, unless you expressly allow them entry. Configure Security Incident ResponseIf you are an administrator in the global domain, you configure how Security Incident Response handles day-to-day operations. Create a security incident groupSet up a security incident group and assign the appropriate roles and users to the group. Security Incident Response process definitionSecurity Incident ResponseProcess Definition replaces state flows and provides end users and service desks with the status of an incident. A process definition helps track the incident through its life cycle. Security Incident Response is a Service Management (SM) application, however, it has its own set of states for both incidents and their tasks. Invalid states are reported as part of Process Selection.Create a Security Incident Response SLAYou can define a Service Level Agreement (SLA) for Security Incident Response.Create a security incident knowledge articleYour organization can create and maintain articles in the security incident knowledge base. These articles share security information, document the types of cyber threats that your organization faces, and provide answers and responses to these threats.Security incident calculatorsSecurity incident calculators are used to update record values when pre-defined conditions are met. The calculators are grouped based on the criteria used to determine how the records are updated. Security Incident CatalogThe Security Incident Catalog provides a customer-facing view of available security incident products and services. This catalog allows your organizations to promote these offerings in a structured and easily navigable way.