We protect your digital environment from any cyber attack. Make the most of the full potential of the SGBox platform!



Via Melchiorre Gioia, 168 - 20125 Milano

+39 02 60830172

How does Incident Management work?

The Incident Management module provides an integrated platform to manage the incidents and anomalies detected by the other SGBox modules.

SGBox Incident Management is the key to reducing the time, complexity and costs associated with managing IT incidents.

The automatic alarm correlation system can highlight potential malicious activity, aggregating the alarms generated by different correlation rules to provide a more detailed overview of what is happening within your IT infrastructure.

// monitor all phases of resolution

Ticketing for technical assistance

Thanks to this feature you can manage detected security tickets, assign them to a specific member of the investigation/resolution team, follow the ticket history to its complete resolution and display multiple statistics to improve the response to anomalies.

// intuitive view of incident structure

Graphic view of incident details

This visualization graphically represents the structure of the incident, highlighting the dependencies between the components of the alarms and other events that can indirectly contribute to the incident.

This way you can easily get detailed information about which users, IP addresses or hosts are related to a given problem.

This view then lets you navigate through the alarms related to an incident and drill down into the details of the events that caused it.

SGBox Case Management

Dynamic case management provides direct interaction with all incident-related data and actions, allowing analysts to respond more quickly and flexibly.

SGBox’s case management capability is fully integrated with workflow and Playbooks to consolidate the entire incident response process.

With SGBox case management, an analyst can access a single record view to dynamically analyze and interact with all critical data and components related to an incident. From any record, the analyst can instantly perform a series of related investigative actions specific to that case.

Incident Boards

Preconfigured views of incidents. They can be shown by risk or by creation time.

Teams Collaboration

Incidents can be assigned manually or automatically to a specific operator or team. Additional information can be added during the resolution.

Timeline Analysis

View the incident history from creation to resolution. Analyze step by step the actions executed by each operator.
