Configure an assessment trigger condition

Define rule conditions and generate mandatory and optional assessments for specific security incidents.

Before you begin

Role required: sn_si.admin

Note: To use the Post Incident Review Assessment Trigger Conditions feature, you must upgrade to Security Incident Response 11.0. Before upgrading, you must revert any customizations done to the Post Incident Review Metric type and trigger conditions. In addition, you may also have to revert the customizations done to the business rules specific to the post incident review.

Require assessments to be complete
Store assignee

Procedure

Navigate to Security Incident > Administration > Post Incident Review Setup.
In the Assessment Trigger Conditions Configure section, click Configure.
Note: On the Assessment Trigger Configuration form, in the Assessments Configurations section, the Generate Assessments check box is selected by default.
- When you select the check box, an optional assessment is created for every security incident.
- When you deselect the check box, the assessments are not generated. The assessment rules are not displayed and you cannot configure conditions for the security incidents.
On the Assessment Trigger Configuration form, in the Conditions section, specify the required information.
1. Click Insert a new row.
2. In the Name field, specify the rule name.
3. In the Fulfilment field, specify the fulfilment type.
4. To configure a condition, click the rule record and define conditions in the Condition field.
  Note:
  - If you create a rule without defining a condition in the Condition field, then the condition is evaluated as true and the rule is applicable for all security incidents.
  - You can define a specific rule to make the assessments either mandatory or optional, and the assessments are not generated for the remaining security incidents which don't match the defined rules.
  Trigger conditions
  
  Figure 1. Trigger conditions

Assessment trigger conditions examples

The following examples provide different scenarios on how mandatory and optional assessment trigger conditions are generated.

On the Assessment Trigger Condition form, generate mandatory assessments when the Priority and Business Impact for a security incident is set to Critical on the Assessment Trigger Rule page. In such scenario, the security analysts cannot close the incident until the mandatory assessments are completed.

Figure 2. Mandatory assessment example
- As you can see, in this example, If a security incident is in a Review state, security analysts cannot close the security incident without completing the Post Incident Review Assessment. An assessment link is available to take the assessment to the security analysts who are assigned (or who had requested for the assessment) to the incident.
On the Assessment Trigger Condition form, generate optional assessments when the Priority and Business Impact for a security incident is set to High. In this example, if the security analysts do not complete the assessments and close the security incident, the assessments are automatically canceled.
In case, if the mandatory or optional assessments does not match the security incident, assessments are not generated for such security incidents. A security analyst can close the security incident without completing the Post Incident Review assessment.

Configure an assessment trigger condition

Define rule conditions and generate mandatory and optional assessments for specific security incidents.

Before you begin

Role required: sn_si.admin

Require assessments to be complete
Store assignee

Procedure

Navigate to Security Incident > Administration > Post Incident Review Setup.
In the Assessment Trigger Conditions Configure section, click Configure.
Note: On the Assessment Trigger Configuration form, in the Assessments Configurations section, the Generate Assessments check box is selected by default.
- When you select the check box, an optional assessment is created for every security incident.
- When you deselect the check box, the assessments are not generated. The assessment rules are not displayed and you cannot configure conditions for the security incidents.
On the Assessment Trigger Configuration form, in the Conditions section, specify the required information.
1. Click Insert a new row.
2. In the Name field, specify the rule name.
3. In the Fulfilment field, specify the fulfilment type.
4. To configure a condition, click the rule record and define conditions in the Condition field.
  Note:
  - If you create a rule without defining a condition in the Condition field, then the condition is evaluated as true and the rule is applicable for all security incidents.
  - You can define a specific rule to make the assessments either mandatory or optional, and the assessments are not generated for the remaining security incidents which don't match the defined rules.
  Trigger conditions
  
  Figure 1. Trigger conditions

Assessment trigger conditions examples

The following examples provide different scenarios on how mandatory and optional assessment trigger conditions are generated.

On the Assessment Trigger Condition form, generate mandatory assessments when the Priority and Business Impact for a security incident is set to Critical on the Assessment Trigger Rule page. In such scenario, the security analysts cannot close the incident until the mandatory assessments are completed.

Figure 2. Mandatory assessment example
- As you can see, in this example, If a security incident is in a Review state, security analysts cannot close the security incident without completing the Post Incident Review Assessment. An assessment link is available to take the assessment to the security analysts who are assigned (or who had requested for the assessment) to the incident.
On the Assessment Trigger Condition form, generate optional assessments when the Priority and Business Impact for a security incident is set to High. In this example, if the security analysts do not complete the assessments and close the security incident, the assessments are automatically canceled.
In case, if the mandatory or optional assessments does not match the security incident, assessments are not generated for such security incidents. A security analyst can close the security incident without completing the Post Incident Review assessment.

How search works:

Topics are ranked in search results by how closely they match your search terms

Configure an assessment trigger condition

Configure an assessment trigger condition

Assessment trigger conditions examples

On this page

Configure an assessment trigger condition

Configure an assessment trigger condition

Assessment trigger conditions examples

Log in to personalize your search results and subscribe to topics