Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Create post incident review questionnaire categories

Create post incident review questionnaire categories

You can use the questionnaire categories that come with the base system or create your own categories.

Before you begin

Role required: sn.si_admin

About this task

To create a new category of questions:


  1. Navigate to Security Incident > Post Incident Review.
  2. Click Review Questions.
    A list of categories is displayed, along with their order and filters that define under what conditions the questions are asked (for example, only when the security incident category is Criminal activity). Each category is a section in the post incident review questionnaire and the questions in each category are included only when the security incident matches the Condition filter. For example, for a category of questions applying only to Linux servers, you would set up a filter that selected security incidents where the affected resource type was Linux Server. In that category, you would then create all questions needed when a security incident was on a Linux Server. You use one of the categories supplied in the base system or create a new category. This procedure assumes that you want to create a new category before defining questions.
  3. Click New in the list of categories.
  4. Fill in the fields on the form, as appropriate.
    Table 1. Security incident
    Field Description
    Name Name for the category that appears on the security incident questionnaire.
    Type Post Incident Review is the default.
    Create Stakeholders Unused by Security Incident Response.
    Table This field is autoassigned once the form is submitted.
    Filter Enter the condition that determines when questions in this category are used.

    If a security incident record matches this filter, the questions is included in a post incident review for that security incident. Filters can use any data on the record, or on other records linked to this record. For example, the department of the requesting user’s manager.

    Application Scope application for the incident.

    Numeric value that represents the importance of this metric relative to other metrics in the same category. By default, the weight is 10.

    Total Metrics Number of metrics used by the category.
    Description Description of the questionnaire.
  5. Click Submit to save the category.