Configure the Security Analyst Workspace

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read

    • Configure the user interface of the Incident record in the Security Analyst Workspace to specify the fields you want to display.

    Before you begin

    Role required: sn_si.analyst

    About this task

    Specify the fields to be displayed in your Incident record and the order in which the fields must appear on the Security Incident form and the Response Task form. You can also set a limit on the number of fields that you want to display.
    Note:
    You can create rules to determine which view should be used for a specific form. Several views are included with the base system, including the Default and SIR New UI views. Several view rules are also shipped with the base system, including the All Others Response Task rule. This rule enforces the Default view on the Response Task form when the condition specified in the view rule is met. The Security Analyst Workspace uses the SIR New UI view. If the form fields displayed in the Security Analyst Workspace do not match the form fields in the classic environment, a view rule is most likely enforced. To use the SIR New UI view for the form, you must disable the view rule. See Control when the system displays a view for details.

    Procedure

    1. Navigate to any security incident list (for example, All > Security Incident > Incidents > Show All Incidents).
    2. To open the security incident record, click a security incident link.
    3. To navigate to the Configuring Security Incident form page, click the Context menu menu icon and select Configure > Form Layout.
    4. From the View name list, select SIR New UI.
    5. In the Section field, select the appropriate section.
      This can be Security Incident or Security Incident Response Task.Configure security incident record
    6. Select the fields and the order in which you want them to appear in the Incident banner in the new UI.
    7. Click Save.
      Note:
      • Certain fields are hidden by default in the Incident and Response Task banners. Change the fields that are hidden or displayed by modifying the sn_app_secops_ui.form.excluded_fields.incident and sn_app_secops_ui.form.excluded_fields.response_task properties as described in Security Analyst Workspace properties.
      • Specify the number of fields that can be displayed in the Incident and Response Task banners and on the first line of the Incident banner by setting these properties:
        • sn_app_secops_ui.task_summary.single_summary.limit.incident
        • sn_app_secops_ui.task_summary.single_summary.limit.response_task
        • sn_app_secops_ui.task_summary.single_summary.limit.incident.first_line
    8. To configure the styles of the dotted circles that appear next to a field value in the Incident record, for example, Menu style navigate to System UI > Field Styles and modify or create a new style record for the specific table and field name.
      The property background-color in the Style field of the style record determines the color of the dotted circle.
    9. To view the updated incident banner, click Security Incidents > Incidents (New UI) to navigate to the Incident record in the Security Analyst Workspace and refresh the page to view the updated Incident banner.
    10. To configure the Response Task banner in the Incident record, navigate to Security Incidents > Response Tasks > Show All Tasks and repeat the steps.
    11. If you are creating a new task table extending from the base Security Incident Response Task table, you must also add the SIR New UI view to the table.
      1. From the View Name list, select New.
        Create new view
      2. Enter SIR New UI (case sensitive) in the Create New View window and click OK.

    Result

    The security incident and response task banners are updated in the Security Analyst Workspace (Manage security threats using the Security Analyst Workspace).