Security Incident Response Process Selection

Process Selection determines which process definition is in use and lists processes with invalid states for security incidents and response tasks.

You can choose among three process definitions provided with the base system: NIST Stateful (default), NIST Open, SANS Open; or you can create your own. For more information, see Security Incident Response process definition.

An administrator can correct the incident or task to valid states either manually or by using a script. An empty related list (no incidents, no tasks) indicates that every active task is in a valid state. Available states vary based on the current state of the incident. For more information, see Correct an invalid security incident or task state.