Cyware Situational Awareness Platform

Incident Submission Settings

CSAP members can report any suspicious cyber activity or incident to the security team using the incident reporting feature. Members can also upload multimedia files such as images and videos to use them as attachments to enhance the threat intel reports. Privileged users can easily manage incidents reported by Members and view key details such as Incident ID, Title, Reporter info, Report date and time, and attachments.

Before you Start

You need to have the View and Create/Update permissions to access the features in the Settings module. These permissions can be assigned only to a Role.

Note

Privileged users can view incidents reported via the CSAP Member Portal in the Incident Submission section of the CSAP Analyst Portal.

  • Text Boxes - Text boxes are free-flowing editors that allow for the inclusion of additional information in an Incident report form. Please note that you must enable the desired text boxes (Impact, Technology Impacted) to make them available in the Incident report form.

  • Flags - Flags contain additional fields that can be made available in the Incident report form. The available flag is tag(s). Please note that you must enable the required fields to make them available in the Incident report form.

  • Threat Method - A threat method is a technique used by a threat actor to cause a threat/incident. Members can include the threat method to give more context in the Incident report. Threat methods can be Brute Force, DDoS, Malware, Spear phishing, Spoofing, and more.

  • Severity - Severity is used to indicate how impactful a specific threat or piece of information can be to the organization. Severity values help members convey the severity of the Incident shared via the report. For example, severity values can be Informational, Minimal Impact, Moderate Impact, etc.

  • Incident Type - Incidents can be categorized into different types, such as Attack Vectors, Compromised User Accounts, Asset Defacement, Data Breach, Denial of Service, etc. Members can convey the incident type while reporting incidents.

How does this work?

If a member notices any suspicious activity occurring around them, such as a malicious email with an attachment or a new app that they did not install, they can take a picture and record video/audio to attach as evidence when reporting the incident. A trigger is initiated that notifies the security team about the unexpected incident, helping them to take immediate action to restrict unwanted impact and consequences. Also, a user with appropriate permissions can view the stats associated with the reported incidents. Data may be filtered by incidents with or without attachments.

Create drop-down values
  • Select a required checkbox to enable a field in the incident reporting form of the CSAP Member Portal.

Note

Users cannot create new text boxes, flags, and other fields. However, users can create field values for fields such as Threat Method, Severity, and Incident Type.

  • Switch to the required field by selecting the desired tab (Threat method, Severity, Incident Type).

  • Click on Create.

  • Name the Incident Type.

  • Determine the status of the Incident Type (Active, Inactive) via the toggle at the top right of the screen.

  • Once done, click on the Create button.