Configure Security Incident Response

If you are an administrator in the global domain, you configure how Security Incident Response handles day-to-day operations.

Before you begin

Role required: sn_si.admin
Note: These options are standard to many service management applications, and as such, they use service management terminology. For example, Request is used for the main task (that is, the security incident) and Task is used for subtasks or Response Tasks.

If you are an administrator in a domain lower than the global domain, you can view the Configurations screen, but cannot modify the settings.

Procedure

  1. Navigate to Security Incident > Administration > Configuration.
    The options for configuring the applications are organized under these tabs:
    • The Business Process tab contains options for setting up the request life cycle, creating catalogs and requests, and configuring notifications.
    • The Assignment tab contains options for setting up manual and auto-assignment.
    • The Add-ons tab contains options for enabling the knowledge base, managed documents, and task activities.
  2. Fill in the fields on the Business Process tab.
    Table 1. Configuration screen - Business Process tab
    Field | Description
    Lifecycle
    Work notes are required to close or cancel a request or task | Enable this option to require the user to enter work notes before a security incident or response task can be closed or canceled.
    Copy task work notes to request | Enable this option to synchronize response task work notes with the work notes on the security incident. When work notes are added to the task, the same work notes appear in the parent security incident.
    Catalog and Request Creation
    Create or update requests by inbound email | Enable this option to create or update security incidents from inbound emails.
    Requests are created using | Select catalog or regular form to activate the catalog and enable automatic publishing of security incident templates to the catalog. Select regular form only to deactivate the catalog and disable automatic publishing of security incident templates to the catalog.
    Templates create a dedicated catalog item | Enable this option to activate automatic publishing of catalog items for the application.
    Notifications
    For a request or task, when the selected field changes, send notification to recipients | You can configure notifications to be sent to specific recipients when selected fields in security incidents and response tasks change.
      1. From Table, select Request (security incident) or Task (response task).
      2. From Field, select the field to use for generating notifications. When a change is made to the selected field, a notification is sent to the identified recipients.
      3. From Recipients, select one or more recipients.
      4. If you select a specific user or a specific group, you are prompted to select a user or group.
      5. To define more notifications using other fields or recipients, repeat the preceding steps for the next set of notification settings.
      6. To remove a notification, click the delete notification symbol to the right of the notification.
  3. Click the Assignment tab and fill in the fields.
    Table 2. Configuration screen - Assignment tab
    Field | Description
    Assignment method for requests | Select the method for assigning security incidents:
      • using auto-assignment: Security incidents are automatically assigned.
      • using a workflow: Security incidents are assigned by the selected workflow.
      • manually: Security incidents are manually assigned.
    Use this workflow to assign requests | Select the workflow for dispatching security incidents. This field appears when using a workflow is selected from the Assignment method for requests list.
    Assignment method for tasks | Select the method for assigning response tasks:
      • using auto-assignment: Response tasks are automatically assigned.
      • using a workflow: Response tasks are assigned by the selected workflow.
      • manually: Response tasks are manually assigned.
    Use this workflow to assign tasks | Select the workflow for assigning response tasks. This field appears when using a workflow is selected from the Assignment method for tasks list.
    Assign requests or tasks based on assignment group coverage areas | Enable this option to limit the assignment of security incidents and response tasks to groups that cover the location of the task.
    Scheduling
    Auto-selection of agents will consider time zone for tasks | Enable this option to consider the time zone of the agent when assigning a task. This field appears when auto-assignment is selected for security incidents or response tasks.
    Additional Factors
    Auto-selection of agents will consider location of agents | Enable this option to give preference to agents who are closer to the task location, when assigning any tasks. This field appears when auto-assignment is selected for security incidents or response tasks.
    Auto-selection of agents for tasks requires them to have skills | Select the degree to which agent skills must be matched to a task when determining auto-assignment.
      • Select all to require that an assigned agent must have all the skills to perform the task. An agent who lacks even one skill is eliminated.
      • Select some if you want agents who have most of the skills required to perform the task.
      • Select none if you want to auto-assign agents without considering skills.
      This field appears when auto-assignment is selected for security incidents or response tasks.
    Auto-selection will attempt to assign the same agent to all tasks in a request | Enable this option to auto-assign all response tasks for a security incident to the same agent.
  4. Click the Add-ons tab and fill in the fields.
    Table 3. Configuration screen - Add-ons tab
    Field | Description
    Documentation
    Enable a dedicated knowledge base | Enable this option to activate the knowledge base for Security Incident Response.
    Enable managed documents | Enable this option to add a related list to managed documents.
    Enable task activities | Enable this option to log task interactions and communications, such as phone calls and email messages.
  5. Click Save.