INCIDENT MANAGEMENT: management of security incidents
How does Incident Management work?
The Incident Management module provides an integrated platform to manage the incidents and anomalies detected from the other SGBox modules.
SGBox Incident Management is the key to reducing the time, complexity and costs associated with managing IT incidents.
The automatic alarm correlation system can highlight potential malicious activity, aggregating the alarms generated by different correlation rules to provide a more detailed overview of what is happening within your IT infrastructure.
Ticketing for technical assistance
Thanks to this feature you can manage the tickets opened for detected security incidents, assign them to a specific member of the investigation/resolution team, follow each ticket's history through to its complete resolution and display multiple statistics to improve the response to anomalies.
Graphic view of incident details
This visualization represents the structure of the incident graphically, highlighting the dependencies between the components of the alarms and other events that can indirectly contribute to the incident.
This way you can easily get detailed information about which users, IP addresses or hosts are related to a given problem.
This view then lets you navigate through the alarms related to an incident, drilling down into the details of the events that caused it.
SGBox Case Management
Dynamic case management provides direct interaction with all incident-related data and actions, allowing analysts to respond more quickly and flexibly.
SGBox’s case management capability is fully integrated with workflow and Playbooks to consolidate the entire incident response process.
With SGBox case management, an analyst can access a single record view to dynamically analyze and interact with all critical data and components related to an incident. From any record, the analyst can instantly perform a series of related investigative actions specific to that case.
Pre-configured views on incidents: it is possible to show them by risk or by creation time.
Incidents can be assigned manually or automatically to a specific operator or team. Additional information can be added during the resolution.
View the incident history from creation to resolution, and analyze step by step the actions executed by each operator.