Security Incident Unauthorized Access workflow template

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • The Security Incident - Unauthorized Access - Template allows you to perform a series of tasks designed to handle unauthorized access to your network.

    Antes de Iniciar

    Role required: sn_si.write

    Por Que e Quando Desempenhar Esta Tarefa

    The workflow is triggered when the Category in a security incident is set to Unauthorized access. This action causes a response task to be created for the first activity in the workflow.

    Figura 1. Unauthorized access
    Unauthorized access workflow template

    Procedimento

    1. Open the security incident for this potential attack, or create a new security incident.
    2. In Category, select Unauthorized access.
    3. Save the record.
    4. Scroll down and open the Response Tasks related list.
      The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the workflow to end.
      Tabela 1. Response tasks in Unauthorized Access Template
      Response task Action Results
      User credentials compromised? Determine whether any users credentials have been compromised.

      In the task, select Yes or No in Outcome.

      		 If you select Yes, the following two tasks are executed in parallel:
      • Malicious software?
      • Deactivate user account

      If you select No, the Contact user and determine intent task is executed.
      Malicious software? Determine whether the unauthorized access resulted in the introduction of malicious software.

      In the task, select Yes or No in Outcome.

      		 If you select Yes, the Create malicious software incident task is executed.

      If you select No, the Set state to review task is executed.
      Create malicious software incident Perform the steps necessary to create a security incident for the unauthorized access. When this task is complete, the Set state to review task is executed.
      Deactivate user account Perform the steps necessary to deactivate the compromised user account. When this task is complete, the Set state to review task is executed.
      Contact user and determine intent Perform the steps necessary to contact the user who responsible for the unauthorized access and determine the reason for the access attempt. When this task is complete, the HR process task is executed.
      HR process Perform the steps necessary to contact human resources to implement disciplinary action if necessary. When this task is complete, the Set state to review task is executed.
      Set state to review No action required. The State of the security incident is changed automatically to Review, and the flow ends.