SIRP’s incident management workflows provide the option to define and assign tasks for security analysts. This helps with the implementation of the SOC SOPs and improves the resolution time of incidents. These incident workflows allow security analysts to perform step-by-step tasks and analysis based on the type/category of the security incident.
SIRP provides you with a pre-defined list of workflows divided into incident management lifecycle phases. These workflows can be used as is, or the administrator can customize them to create workflows based on the organizational requirements.
Workflow
To manage the list of workflow tasks, navigate to the Workflows page: open the Main Menu and select Administration. Once the Administration section is displayed, select the Workflows tab at the top of the page, and then Workflow under that.
Main Menu > Administration > Workflows > Workflow
This page displays the list of all available Workflow tasks along with the Incident Category (where the task is supposed to be assigned and executed) and Task Category (which is the exact incident management lifecycle phase at which the task will be triggered).
To add a new task, click on the Create Workflow button at the top. Clicking on the button will display a popup. Enter the Name and Description, select the Case category and the Task Category, and lastly select the status of this workflow task, then click Create.
The newly added Workflow Task will appear in the main list and will be usable on the main Incident Management module.
You can either edit or delete any of the existing or newly created records. You can also Enable or Disable any task displayed in the list.
Using the duplicate icon, you can create a new task using the content of already existing tasks.
Categories
These categories signify the different phases of an incident management lifecycle. Through these categories, we can divide our workflow tasks into different phases. For example, a security analyst would be required to perform certain tasks during the analysis phase, and a different set of tasks during the containment phase.
SIRP provides you with a list of five pre-defined categories (Incident Management Lifecycle phases):
Analysis
Containment
Eradication
Recovery
Post-Incident
To manage the list of workflow categories, navigate to the Workflows page: open the Main Menu and select Administration. Once the Administration section is displayed, select the Workflows tab at the top of the page, and then Categories under that.
Main Menu > Administration > Workflows > Categories
This page displays the list of all the available workflow categories.
To add a new category, click on the Create Category button at the top. Clicking on the button will display a popup. Enter the Name of the category, then click Create.
The newly added Category will appear in the main list and will be usable on the main Incidents module.
You can either edit or delete any of the existing or newly created records.