Security Incident Response Other Records
This section displays the other records such as IT related records and email records. Under IT records, Incident, Change Request, Problem and Outages are displayed.
Under Email, Draft, Sent Emails and Received Emails are displayed.
Create an incident
Create an incident within a security incident.
Before you begin
Role required: sn_si.analyst.
Procedure
-
Click Create Incident.
Link multiple ITSM incidents, problems or change requests to a security incident
Link related multiple IT Service Management (ITSM) incidents, problems or change requests to a security incident.
Before you begin
Role required: sn_si.analyst
Procedure
- Navigate to .
-
Select the Security Incidents icon
.
- Open the incident record.
- Select the Other Records tab.
- Under IT records, select Incident or Problems or Change Requests.
- Select Link.
- Select the ITSM record you want to link to the selected security incident.
- Select Link.
Result
The selected ITSM records are listed in the IT records section of the selected security incident record.
Create a problem task
Create a problem task.
Before you begin
Role required: sn_si.analyst
Procedure
- Navigate to .
- Open any incident record.
- Select Create Problem.
- Fill in the details such as Configuration Item, Location, Impact, Urgency, Priority, and Short description.
- Select Create.
- A problem task gets created.
Create a change request
Create a change request.
Before you begin
Role required: sn_si.analyst.
Procedure
- Navigate to .
- Open any incident record.
- Click Create Change Request.
- Enter the details such as Configuration Item, Location, Priority, and Short description.
- Click Create.
- A change request gets created.
Create outage
Crete an outage from an incident to track the down time of a configuration item.
Before you begin
Role required: sn_si.analyst
Procedure
- Navigate to .
- Open any incident record.
- Click Create outage.
- Enter the details such as Configuration Item, Begin date, End date, Type, and Short description.
- Click Create.
Compose Emails
As an analyst, you can compose emails directly from security incidents.
Before you begin
Role required: sn_si.analyst
Procedure
-
Click the overflow and select Compose Email.
-
Within the Email form, click Quick Messages to view the
quick messages which is displayed on the right side of the Compose
Emails section.
The available quick messages are displayed. Select the message and click Insert. The messages gets inserted in the body of the email.
-
Compose your email and click Send Email.
Note:How to configure Quick Messages:You can save an email as a draft. These draft emails will be available under the Other records tab.
-
Search for Quick Message (sys_email_canned_message) table.
-
Enter the Title, body of the
message, select the Table: Security Incident
(sn_si_incident) and Active check
box.
-
Search for Quick Message (sys_email_canned_message) table.
-
Select the Response Template and click Copy
to clipboard and apply the template, if required.
How to configure Response Templates:
-
Search for the Response Template
(sn_templated_snip_note_template) table.
-
Enter the Name, Short
Name, select the Table: Security Incident
(sn_si_incident) and Template
body.
-
Search for the Response Template
(sn_templated_snip_note_template) table.